Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38379


Apache Allura's neighborhood settings are vulnerable to a stored XSS attack.  Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue.


Published

2024-06-22T09:15:09.577

Last Modified

2025-03-19T15:15:47.657

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache allura < 1.17.1 Yes

References