Vulnerability Details : CVE-2019-0214
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the Archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten if the Archiva run user has appropriate permission on the filesystem for the target file.
Products affected by CVE-2019-0214
- cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-0214
- 0.39%: probability of exploitation activity in the next 30 days
- ~73%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-0214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P | 8.0 | 4.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
References for CVE-2019-0214
- https://seclists.org/bugtraq/2019/Apr/48
  Bugtraq: [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33c95b95f467ef8@%3Cannounce.apache.org%3E
  Pony Mail! (Vendor Advisory)
- http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html
  Apache Archiva 2.2.3 File Write / Delete ≈ Packet Storm (Mitigation; Third Party Advisory; VDB Entry)
- http://archiva.apache.org/security.html#CVE-2019-0214
  Archiva – Security Vulnerabilities (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2019/04/30/8
  oss-security - [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/108124
  Apache Archiva CVE-2019-0214 Arbitrary File Write Vulnerability (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776d3dfc550b4f0e@%3Cusers.maven.apache.org%3E
  [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e45a22978d7dda@%3Cusers.archiva.apache.org%3E
  [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E
  [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0 - Pony Mail (Third Party Advisory)