Apache Allura

6 CVEs affecting Apache Allura. Latest disclosed: 2024-06-22. Critical: 0, High: 2.

Top CVEs affecting Apache Allura
CVESeverityScorePublishedSummary
CVE-2024-36471High7.52024-06-10Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.  Project administrators can run these imports, whic…
CVE-2018-1299High7.52018-02-06In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, suc…
CVE-2019-10085Medium6.12019-06-19In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a…
CVE-2018-1319Medium6.12018-03-15In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results m…
CVE-2023-46851Medium4.92023-11-07Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could c…
CVE-2024-38379Medium4.82024-06-22Apache Allura's neighborhood settings are vulnerable to a stored XSS attack.  Only neighborhood admins can access these settings, so the scope of risk is limit…