PT-2019-11195 · Apache · Apache Archiva

Martin · Published 2019-04-30 · Updated 2021-07-21 · CVE-2019-0214

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Archiva versions 2.0.0 through 2.2.3
Description: The issue allows writing files to the Archiva server at arbitrary locations using the artifact upload mechanism. It is also possible to overwrite existing files if the Archiva run user has the appropriate permission on the filesystem for the target file.
Recommendations: For Apache Archiva versions 2.0.0 through 2.2.3, consider restricting the artifact upload mechanism to prevent writing files to arbitrary locations until a patch is available. As a temporary workaround, review and restrict file system permissions for the Archiva run user to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-0214
GHSA-JXGM-9F58-W4XP

Affected Products

Apache Archiva