In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered a minor risk, as only users with the admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

Published at
2019-04-30
Modified
2019-05-06

References

BID:108123
http://www.securityfocus.com/bid/108123

BUGTRAQ:20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS
https://seclists.org/bugtraq/2019/Apr/47

MISC: Apache Archiva security page
http://archiva.apache.org/security.html#CVE-2019-0213

MISC: Packet Storm, Apache Archiva 2.2.3 Cross-Site Scripting
http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html

MLIST:[announce] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS
https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d@%3Cannounce.apache.org%3E

MLIST:[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0
https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E

MLIST:[archiva-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS
https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3@%3Cusers.archiva.apache.org%3E

MLIST:[maven-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS
https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97@%3Cusers.maven.apache.org%3E

MLIST:[oss-security] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS
http://www.openwall.com/lists/oss-security/2019/04/30/7

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2019-0213"
	},
	"Notes": {
		"Note": [
			{
				"_text": "In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised."
			},
			{
				"_text": "2019-04-30"
			},
			{
				"_text": "2019-05-06"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2019-0213"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "http://www.securityfocus.com/bid/108123"
				},
				"Description": {
					"_text": "BID:108123"
				}
			},
			{
				"URL": {
					"_text": "https://seclists.org/bugtraq/2019/Apr/47"
				},
				"Description": {
					"_text": "BUGTRAQ:20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS"
				}
			},
			{
				"URL": {
					"_text": "http://archiva.apache.org/security.html#CVE-2019-0213"
				},
				"Description": {
					"_text": "MISC:http://archiva.apache.org/security.html#CVE-2019-0213"
				}
			},
			{
				"URL": {
					"_text": "http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html"
				},
				"Description": {
					"_text": "MISC:http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d@%3Cannounce.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[announce] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3@%3Cusers.archiva.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[archiva-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97@%3Cusers.maven.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[maven-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS"
				}
			},
			{
				"URL": {
					"_text": "http://www.openwall.com/lists/oss-security/2019/04/30/7"
				},
				"Description": {
					"_text": "MLIST:[oss-security] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS"
				}
			}
		]
	}
}