<li>Upgrade to <a href="./download.cgi">Archiva 2.2.5 or higher</a></li>
<li>Make sure that communication between the Archiva server and the browser is secured with TLS and that only certain users are assigned to the admin role.</li></ul></div>
<h3><a name="CVE-2019-0213:_Apache_Archiva_XSS_may_be_stored_in_central_UI_configuration"></a><a name="CVE-2019-0213">CVE-2019-0213</a>: Apache Archiva XSS may be stored in central UI configuration</h3>
<p>It may be possible to store malicious XSS code in central configuration entries, i.e. the logo URL. The vulnerability is considered a minor risk, because exploiting it requires either a user with the admin role, who alone can change the configuration, or compromised communication between the browser and the Archiva server.</p>