CVE-2019-0213

Name of the Vulnerable Software and Affected Versions: Apache Archiva versions prior to 2.2.4

Description: The issue allows storing malicious XSS code in central configuration entries, such as the logo URL, which can be done by users with an admin role. Additionally, it is possible to write files to the Archiva server at arbitrary locations using the artifact upload mechanism, potentially overwriting existing files if the Archiva run user has the necessary filesystem permissions.

Recommendations: For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration entries and the artifact upload mechanism to minimize the risk of exploitation.