CVE-2024-38379
Apache Allura: Stored authenticated XSS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.
This issue affects Apache Allura: from 1.4.0 through 1.17.0.
Users are recommended to upgrade to version 1.17.1, which fixes the issue.
La configuración del vecindario de Apache Allura es vulnerable a un ataque XSS almacenado. Solo los administradores de vecindario pueden acceder a estas configuraciones, por lo que el alcance del riesgo se limita a configuraciones en las que no se confía plenamente en los administradores de vecindario. Este problema afecta a Apache Allura: desde 1.4.0 hasta 1.17.0. Se recomienda a los usuarios actualizar a la versión 1.17.1, que soluciona el problema.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-14 CVE Reserved
- 2024-06-22 CVE Published
- 2024-09-13 CVE Updated
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/2lb6vp00sj2b2snpmhff5lyortxjsnrp | 2024-06-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Allura Search vendor "Apache Software Foundation" for product "Apache Allura" | >= 1.4.0 <= 1.17.0 Search vendor "Apache Software Foundation" for product "Apache Allura" and version " >= 1.4.0 <= 1.17.0" | en |
Affected
|