Detections
Analytics

SCA: security update for org.apache.archiva:archiva (GHSA-jxgm-9f58-w4xp)

medium Tenable Self-Hosted Container Security Plugin ID 423537

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

 - In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary
 locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run
 user has appropriate permission on the filesystem for the target file. (CVE-2019-0214)

See Also

https://github.com/advisories/GHSA-jxgm-9f58-w4xp

Plugin Details

Severity: Medium

ID: 423537

Version: Revision 1.3

Type: Local

Family: SCA Checks

Published: 3/29/2025

Updated: 1/27/2026

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2019-0214

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2019

Vulnerability Publication Date: 4/30/2019

Reference Information

CVE: CVE-2019-0214

BID: 108124

cwe: CWE-20