Archiva
This hub aggregates every CVE we track for Archiva, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 20
- Critical: 1
- High: 5
- In CISA KEV: 1
Severity distribution
MEDIUM 14, HIGH 5, CRITICAL 1
Monthly trend
2024-08 to 2026-07: 0 for every month shown.
Latest CVEs
The 15 most recently published vulnerabilities affecting Archiva.
- CVE-2024-27138: Apache Archiva: disabling user registration is not effective (7.5)
- CVE-2024-27139: Apache Archiva: incorrect authentication potentially leading to account takeover (7.5)
- CVE-2024-27140: Apache Archiva: reflected XSS (5.4)
- CVE-2023-28158: Apache Archiva privilege escalation (6.5)
- CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories (4.3)
- CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files (7.5)
- CVE-2022-29405: Apache Archiva Arbitrary user password reset vulnerability (6.5)
- CVE-2020-9495: Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login... (5.3)
- CVE-2019-0214: In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva... (6.5)
- CVE-2019-0213: In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users wi... (6.5)
- CVE-2017-5657: Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HT... (8.0)
- CVE-2016-4469: Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new re... (8.8)
- CVE-2016-5005: Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId paramet... (4.8)
- CVE-2013-2187: Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related ... (4.3)
- CVE-2013-2251: Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. (KEV, 9.8)
Product normalization is registry-driven with AI assist and human review.