CVE-2018-1299

Name of the Vulnerable Software and Affected Versions Apache Allura versions prior to 1.8.0

Description The issue allows unauthenticated attackers to retrieve arbitrary files through the Allura web application. The success of the attack may depend on the web server used with Allura, with some configurations such as Nginx, Apache/mod wsgi, or paster potentially preventing the attack, while others like gunicorn do not prevent it.

Recommendations For Apache Allura versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider using a web server configuration that prevents the attack, such as Nginx, Apache/mod wsgi, or paster, until the update can be applied.