CVE-2019-0213: Improper Input Validation

April 30, 2019 (updated May 6, 2019)

In Apache Archiva it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

References

archiva.apache.org/security.html
packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html
www.securityfocus.com/bid/108123
nvd.nist.gov/vuln/detail/CVE-2019-0213

Detect and mitigate CVE-2019-0213 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →