oss-sec mailing list archives
CVE-2024-38379: Apache Allura: Stored authenticated XSS
From: David Philip Brondsema <brondsem () apache org>
Date: Fri, 21 Jun 2024 17:49:12 +0000
Severity: moderate

Affected versions:

- Apache Allura 1.4.0 through 1.17.0

Description:

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.

This issue affects Apache Allura: from 1.4.0 through 1.17.0.

Users are recommended to upgrade to version 1.17.1, which fixes the issue.

Credit:

Ömer "WASP" Akincir (finder)

References:

https://allura.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-38379
