Maven/Org.apache.archiva/Archiva-Common | GitLab Advisory Database

2024

Apache Archiva Reflected Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward …

2022

Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user

If anonymous read enabled, it's possible to read the database file directly without logging in.

Apache Archiva subject to arbitrary directory deletion by users.

Users with write permissions to a repository can delete arbitrary directories.

Advisories for Maven/Org.apache.archiva/Archiva-Common package