CVE-2019-0214

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Archiva
Vendor: CVE Published:; 30 April 2019

Summary

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Affected Version(s)

Apache Archiva All versions prior to version 2.2.4

References

https://lists.apache.org/thread.html/239349b6dd8f66cf87a7...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/5851cb0214f22ba681fb...

mailing-listx_refsource_MLIST

https://seclists.org/bugtraq/2019/Apr/48

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2019
Vulnerability Reserved
Nov 14, 2018

.