CVE-2019-0214 — MEDIUM (6.5)

Q: How severe is CVE-2019-0214?

CVE-2019-0214 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-0214?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Archiva.

Vulnerability Description

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Archiva	>= 1.2, <= 1.3.9

References

http://archiva.apache.org/security.html#CVE-2019-0214Vendor Advisory
http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-DeleMitigationThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/04/30/8Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/108124Third Party AdvisoryVDB Entry
https://lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33
https://lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776
https://lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e
https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fc
https://seclists.org/bugtraq/2019/Apr/48Mailing ListThird Party Advisory
http://archiva.apache.org/security.html#CVE-2019-0214Vendor Advisory
http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-DeleMitigationThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/04/30/8Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/108124Third Party AdvisoryVDB Entry
https://lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33
https://lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776

FAQ

What is CVE-2019-0214?

CVE-2019-0214 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva ru...

How severe is CVE-2019-0214?

CVE-2019-0214 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0214?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Archiva.