CVE-2019-0214: Improper Input Validation

April 30, 2019 (updated May 3, 2019)

In Apache Archiva, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

References

archiva.apache.org/security.html
packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html
www.securityfocus.com/bid/108124
nvd.nist.gov/vuln/detail/CVE-2019-0214

Detect and mitigate CVE-2019-0214 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →