
=====================================================================

                               CERT-Renater

                     Information Note No. 2023/VULN126

_____________________________________________________________________

DATE                : 29/03/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Archiva.

=====================================================================
https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt
_____________________________________________________________________

n/a: CVE-2023-28158: Apache Archiva privilege escalation

Description:

Privilege escalation via stored XSS using the file upload service to
upload malicious content.

The issue can be exploited only by authenticated users who can
create a directory name in order to inject XSS content and gain
privileges such as those of the admin user.


This issue is being tracked as n/a

Credit:

sandr0 (sandr0.xyz)  (finder)

References:

https://archiva.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28158
https://issues.apache.org/jira/browse/n/a


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

