High severity7.5NVD Advisory· Published Feb 6, 2018· Updated Jun 17, 2026
CVE-2018-1299
CVE-2018-1299
Description
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Apache Software Foundation/Apache Allurav5Range: 1.0.0 to 1.7.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.