Org.apache.archiva:archiva
This hub aggregates every CVE we track for Org.apache.archiva:archiva, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 11
- Critical: 0
- High: 3
- In CISA KEV: 0

Severity distribution: MEDIUM 8, HIGH 3
Monthly trend (chart, 2024-08 to 2026-07)
Latest CVEs
The 11 most recently published vulnerabilities affecting Org.apache.archiva:archiva.
- CVE-2024-27138: Apache Archiva: disabling user registration is not effective (score 7.5)
- CVE-2024-27139: Apache Archiva: incorrect authentication potentially leading to account takeover (score 7.5)
- CVE-2023-28158: Apache Archiva privilege escalation (score 6.5)
- CVE-2022-29405: Apache Archiva Arbitrary user password reset vulnerability (score 6.5)
- CVE-2020-9495: Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login... (score 5.3)
- CVE-2019-0214: In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva... (score 6.5)
- CVE-2019-0213: In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users wi... (score 6.5)
- CVE-2017-5657: Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HT... (score 8.0)
- CVE-2016-5005: Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId paramet... (score 4.8)
- CVE-2011-0533: Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbit... (score 4.3)
- CVE-2010-4408: Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which m... (score 6.8)
Product normalization is registry-driven with AI assist and human review.