admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-02xx/CVE-2019-0213.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

209 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-0213",
"sourceIdentifier": "security@apache.org",
"published": "2019-04-30T22:29:00.793",
"lastModified": "2024-11-21T04:16:30.047",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised."
},
{
"lang": "es",
"value": "En Apache Archiva anterior a versi\u00f3n 2.2.4, puede ser posible almacenar c\u00f3digo XSS malicioso en entradas de configuraci\u00f3n central, es decir, la URL logo. La vulnerabilidad es considerada un riesgo menor, ya que solo los usuarios con rol de administrador pueden cambiar la configuraci\u00f3n, o la comunicaci\u00f3n entre el navegador y el servidor Archiva debe verse comprometida."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"baseScore": 5.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.4",
"matchCriteriaId": "6AB5FF1B-F9F2-458C-BFE7-BA144AE1CAF2"
}
]
}
]
}
],
"references": [
{
"url": "http://archiva.apache.org/security.html#CVE-2019-0213",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html",
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/7",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/108123",
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://seclists.org/bugtraq/2019/Apr/47",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://archiva.apache.org/security.html#CVE-2019-0213",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/108123",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://seclists.org/bugtraq/2019/Apr/47",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink