Back to search
CVE-2019-0214
Published: Apr 30, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.
| Vendor | Product | Versions |
|---|---|---|
Apache | Apache Archiva | affected All versions prior to version 2.2.4 |
References
[maven-users] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
mailing-list
x_refsource_MLIST
[archiva-users] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
mailing-list
x_refsource_MLIST
20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
mailing-list
x_refsource_BUGTRAQ
[oss-security] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
mailing-list
x_refsource_MLIST
http://archiva.apache.org/security.html#CVE-2019-0214
x_refsource_CONFIRM
[archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0
mailing-list
x_refsource_MLIST
108124
vdb-entry
x_refsource_BID
[announce] 20190430 [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now