Unrated severity · NVD Advisory · Published Jun 22, 2024 · Updated Mar 19, 2025

Apache Allura: Stored authenticated XSS

CVE-2024-38379

Description

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack.  Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.

This issue affects Apache Allura: from 1.4.0 through 1.17.0.

Users are recommended to upgrade to version 1.17.1, which fixes the issue.

Affected products

2
  • Apache/Allura [llm-fuzzy]
    Range: >=1.4.0, <=1.17.0
  • Apache Software Foundation/Apache Allura [v5]
    Range: 1.4.0
