In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the Archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten if the Archiva run user has appropriate permission on the filesystem for the target file.

Published: 2019-04-30
Modified: 2019-05-02

http://www.securityfocus.com/bid/108124

BID:108124

https://seclists.org/bugtraq/2019/Apr/48

BUGTRAQ:20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

http://archiva.apache.org/security.html#CVE-2019-0214

CONFIRM:http://archiva.apache.org/security.html#CVE-2019-0214

http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html

MISC:http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html

https://lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33c95b95f467ef8@%3Cannounce.apache.org%3E

MLIST:[announce] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E

MLIST:[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0

https://lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e45a22978d7dda@%3Cusers.archiva.apache.org%3E

MLIST:[archiva-users] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

https://lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776d3dfc550b4f0e@%3Cusers.maven.apache.org%3E

MLIST:[maven-users] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

http://www.openwall.com/lists/oss-security/2019/04/30/8

MLIST:[oss-security] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2019-0214"
	},
	"Notes": {
		"Note": [
			{
				"_text": "In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file."
			},
			{
				"_text": "2019-04-30"
			},
			{
				"_text": "2019-05-02"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2019-0214"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "http://www.securityfocus.com/bid/108124"
				},
				"Description": {
					"_text": "BID:108124"
				}
			},
			{
				"URL": {
					"_text": "https://seclists.org/bugtraq/2019/Apr/48"
				},
				"Description": {
					"_text": "BUGTRAQ:20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server"
				}
			},
			{
				"URL": {
					"_text": "http://archiva.apache.org/security.html#CVE-2019-0214"
				},
				"Description": {
					"_text": "CONFIRM:http://archiva.apache.org/security.html#CVE-2019-0214"
				}
			},
			{
				"URL": {
					"_text": "http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html"
				},
				"Description": {
					"_text": "MISC:http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33c95b95f467ef8@%3Cannounce.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[announce] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e45a22978d7dda@%3Cusers.archiva.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[archiva-users] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server"
				}
			},
			{
				"URL": {
					"_text": "https://lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776d3dfc550b4f0e@%3Cusers.maven.apache.org%3E"
				},
				"Description": {
					"_text": "MLIST:[maven-users] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server"
				}
			},
			{
				"URL": {
					"_text": "http://www.openwall.com/lists/oss-security/2019/04/30/8"
				},
				"Description": {
					"_text": "MLIST:[oss-security] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server"
				}
			}
		]
	}
}