CVE-2019-0214

MEDIUM

Apache Archiva <2.2.3 - Path Traversal

Title source: llm
STIX 2.1

Description

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Scores

CVSS v3 6.5
EPSS 0.0487
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (2)
apache/archiva 1.2 - 1.3.9
org.apache.archiva/archiva 2.2.0 - 2.2.4Maven
Published Apr 30, 2019
Tracked Since Feb 18, 2026