mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
102 lines
4.2 KiB
JSON
102 lines
4.2 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2019-0213",
|
|
"ASSIGNER": "security@apache.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Apache",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Archiva",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions prior to version 2.2.4"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Stored XSS"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS",
|
|
"url": "https://seclists.org/bugtraq/2019/Apr/47"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[maven-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS",
|
|
"url": "https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97@%3Cusers.maven.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[archiva-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS",
|
|
"url": "https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3@%3Cusers.archiva.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS",
|
|
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/7"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html",
|
|
"url": "http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "http://archiva.apache.org/security.html#CVE-2019-0213",
|
|
"url": "http://archiva.apache.org/security.html#CVE-2019-0213"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0",
|
|
"url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "BID",
|
|
"name": "108123",
|
|
"url": "http://www.securityfocus.com/bid/108123"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[announce] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS",
|
|
"url": "https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d@%3Cannounce.apache.org%3E"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised."
|
|
}
|
|
]
|
|
}
|
|
} |