=====================================================================
CERT-Renater Information Note No. 2024/VULN136
_____________________________________________________________________

DATE                 : 21/03/2024
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Apache Archiva.

=====================================================================

https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8
https://lists.apache.org/thread/sgy26lo3m0cv9lzpn414hhv2n17srgt2
https://lists.apache.org/thread/rdssfwdcq3ppk8y4p4zsjtns6skk92x2

_____________________________________________________________________

CVE-2024-27139: Apache Archiva: incorrect authentication potentially
leading to account takeover

Posted to announce@apache.org
Arnout Engelen - Friday 1 March 2024 11:44:00 UTC+1

Severity: important

Affected versions:
- Apache Archiva 2.0.0 or later

Description:
** UNSUPPORTED WHEN ASSIGNED **
Incorrect Authorization vulnerability in Apache Archiva: a
vulnerability in Apache Archiva allows an unauthenticated attacker to
modify account data, potentially leading to account takeover.
This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that
fixes this issue. Users are recommended to find an alternative or
restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer
supported by the maintainer.

Credit:
1uHrm of cyberkl (reporter)

References:
https://archiva.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-27139

_____________________________________________________________________

CVE-2024-27140: Apache Archiva: reflected XSS

Severity: moderate

Affected versions:
- Apache Archiva 2.0.0 or later

Description:
** UNSUPPORTED WHEN ASSIGNED **
Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that
fixes this issue. Users are recommended to find an alternative or
restrict access to the instance to trusted users. Alternatively, you
could configure an HTTP proxy in front of your Archiva instance to
only forward requests that do not have malicious characters in the
URL.

NOTE: This vulnerability only affects products that are no longer
supported by the maintainer.

Credit:
sandr0 / Sandro Bauer (sandr0.xyz) (finder)
BTullis / Ben Tullis (wikimedia.org) (finder)
sbassett / Scott Bassett (wikimedia.org) (finder)
L0ne1y (finder)

References:
https://attic.apache.org/projects/archiva.html
https://www.cve.org/CVERecord?id=CVE-2024-27140

_____________________________________________________________________

CVE-2024-27138: Apache Archiva: disabling user registration is not
effective

Severity: moderate

Affected versions:
- Apache Archiva 2.0.0 or later

Description:
** UNSUPPORTED WHEN ASSIGNED **
Incorrect Authorization vulnerability in Apache Archiva. Apache
Archiva has a setting to disable user registration, however this
restriction can be bypassed.

As Apache Archiva has been retired, we do not expect to release a
version of Apache Archiva that fixes this issue. You are recommended
to look into migrating to a different solution, or isolate your
instance from any untrusted users.

NOTE: This vulnerability only affects products that are no longer
supported by the maintainer.

Credit:
Florian Hauser, @frycos (reporter)

References:
https://archiva.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-27138

=========================================================
+ CERT-RENATER       | tel   : 01-53-94-20-44            +
+ 23/25 Rue Daviel   | fax   : 01-53-94-20-41            +
+ 75013 Paris        | email : cert@support.renater.fr   +
=========================================================
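As an added worked example of the two mitigations recommended above for a retired Archiva instance (an HTTP proxy in front of it that forwards only requests without malicious URL characters, as suggested for CVE-2024-27140, plus restricting the instance to trusted users, as suggested for all three CVEs), here is an nginx reverse-proxy configuration; it is not part of the CERT-Renater note or the Apache advisories, and the hostname, certificate paths, upstream address and trusted network range are assumptions:

```nginx
# Added example (not from the CERT-Renater note or the Apache advisory):
# nginx reverse proxy in front of a retired Apache Archiva instance.
# Hostname, TLS paths, upstream address and trusted CIDR are assumptions.
# The "map" block belongs in the http context, the "server" block below it.

# Flag request lines carrying the metacharacters a reflected XSS payload
# needs, raw and percent-encoded. $request_uri is the undecoded request
# line (path and query string), so both forms must be listed explicitly.
map $request_uri $archiva_block {
    default                  0;
    "~*[<>\"']"              1;   # raw  < > " '
    "~*%3C|%3E|%22|%27"      1;   # percent-encoded < > " '
}

server {
    listen      443 ssl;
    server_name archiva.example.org;                   # assumption

    ssl_certificate     /etc/nginx/tls/archiva.crt;    # assumption
    ssl_certificate_key /etc/nginx/tls/archiva.key;    # assumption

    # Mitigation for CVE-2024-27138 / CVE-2024-27139: only the trusted
    # network reaches the instance at all (adjust the CIDR to your site).
    allow 10.20.0.0/16;                                # assumption
    deny  all;

    location / {
        # Mitigation for CVE-2024-27140: refuse suspicious request lines
        # before they reach Archiva. A bare "return" inside "if" is one
        # of the constructs nginx documents as safe to use there.
        if ($archiva_block) {
            return 403;
        }

        proxy_pass         http://127.0.0.1:8080;      # Archiva, assumption
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

The character filter is deliberately coarse: it rejects the metacharacters most reflected XSS payloads depend on but does not unwrap nested encodings, so it complements the network restriction and a migration away from Archiva rather than replacing them.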