PT-2019-11195 · Apache · Apache Archiva

Martin · Published 2019-04-30 · Updated 2021-07-21 · CVE-2019-0214

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Archiva versions 2.0.0 through 2.2.3
Description: The issue allows writing files to the Archiva server at arbitrary locations using the artifact upload mechanism. It is also possible to overwrite existing files if the Archiva run user has the appropriate permission on the filesystem for the target file.
Recommendations: For Apache Archiva versions 2.0.0 through 2.2.3, consider restricting the artifact upload mechanism to prevent writing files to arbitrary locations until a patch is available. As a temporary workaround, review and restrict file system permissions for the Archiva run user to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2019-0214
GHSA-JXGM-9F58-W4XP

Affected products

Apache Archiva