CVE-2019-0213 — MEDIUM (6.5)

Q: How severe is CVE-2019-0213?

CVE-2019-0213 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-0213?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Archiva.

Vulnerability Description

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Archiva	< 2.2.4

Related Weaknesses (CWE)

CWE-79

References

http://archiva.apache.org/security.html#CVE-2019-0213Vendor Advisory
http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-ScriThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/04/30/7Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/108123Third Party AdvisoryVDB Entry
https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e
https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f469
https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fc
https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95
https://seclists.org/bugtraq/2019/Apr/47Mailing ListThird Party Advisory
http://archiva.apache.org/security.html#CVE-2019-0213Vendor Advisory
http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-ScriThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/04/30/7Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/108123Third Party AdvisoryVDB Entry
https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e
https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f469

FAQ

What is CVE-2019-0213?

CVE-2019-0213 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with ...

How severe is CVE-2019-0213?

CVE-2019-0213 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0213?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Archiva.