Apache Archiva
This hub aggregates every CVE we track for Apache Archiva, a product in the devtools/CI space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 10
- Critical: 0
- High: 4
- In CISA KEV: 0

Severity distribution: MEDIUM 6, HIGH 4
Monthly trend (chart, 2024-08 to 2026-07): every plotted value is 0.
Latest CVEs
The 10 most recently published vulnerabilities affecting Apache Archiva.
- CVE-2024-27138: Apache Archiva: disabling user registration is not effective (score: 7.5)
- CVE-2024-27139: Apache Archiva: incorrect authentication potentially leading to account takeover (score: 7.5)
- CVE-2024-27140: Apache Archiva: reflected XSS (score: 5.4)
- CVE-2023-28158: Apache Archiva privilege escalation (score: 6.5)
- CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories (score: 4.3)
- CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files (score: 7.5)
- CVE-2022-29405: Apache Archiva Arbitrary user password reset vulnerability (score: 6.5)
- CVE-2019-0214: In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva... (score: 6.5)
- CVE-2019-0213: In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users wi... (score: 6.5)
- CVE-2017-5657: Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HT... (score: 8.0)
Product normalization is registry-driven with AI assist and human review.