CVE-2024-38379

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38379
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38379.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38379
Published
2024-06-22T09:15:09.577Z
Modified
2025-11-15T21:44:54.887828Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.

This issue affects Apache Allura: from 1.4.0 through 1.17.0.

Users are recommended to upgrade to version 1.17.1, which fixes the issue.

References

Affected packages

Git / github.com/apache/allura

Affected ranges

Type
GIT
Repo
https://github.com/apache/allura
Events

Affected versions

rel/1.*

rel/1.10.0
rel/1.11.0
rel/1.11.1
rel/1.12.0
rel/1.13.0
rel/1.14.0
rel/1.15.0
rel/1.16.0
rel/1.17.0
rel/1.4.0
rel/1.5.0
rel/1.6.0
rel/1.7.0
rel/1.8.0
rel/1.8.1
rel/1.9.0