Known Vulnerabilities for Allura by Apache

Listed below are 3 of the newest known vulnerabilities associated with "Allura" by "Apache".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2019-10085	In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editin...	6.1 - MEDIUM	2019-06-19	2023-11-07
CVE-2018-1319	In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a malicious...	6.1 - MEDIUM	2018-03-15	2023-11-07
CVE-2018-1299	In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Som...	7.5 - HIGH	2018-02-06	2023-11-07

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Allura	1.9.0	All	All	All
Application	Apache	Allura	1.8.1	All	All	All
Application	Apache	Allura	1.8.0	All	All	All
Application	Apache	Allura	1.7.0	All	All	All
Application	Apache	Allura	1.6.0	All	All	All
Application	Apache	Allura	1.5.0	All	All	All
Application	Apache	Allura	1.4.0	All	All	All
Application	Apache	Allura	1.3.2	All	All	All
Application	Apache	Allura	1.3.1	All	All	All
Application	Apache	Allura	1.3.0	All	All	All
Application	Apache	Allura	1.2.1	All	All	All
Application	Apache	Allura	1.2.0	All	All	All
Application	Apache	Allura	1.11.0	All	All	All
Application	Apache	Allura	1.10.0	All	All	All
Application	Apache	Allura	1.1.0	All	All	All
Application	Apache	Allura	1.0.1	All	All	All
Application	Apache	Allura	1.0.0	rc1	All	All
Application	Apache	Allura	1.0.0	-	All	All
Application	Apache	Allura	1.0.0	All	All	All