CVE-2024-38379 – Apache Allura’s neighborhood settings are vulnerable to a stored XSS attack. Only …

CVE-2024-38379 – Apache Allura’s neighborhood settings are vulnerable to a stored XSS attack. Only …

Vuln ID: CVE-2024-38379

Published: 2024-06-22 09:15:09.577

Description: Apache Allura’s neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.

This issue affects Apache Allura: from 1.4.0 through 1.17.0.

Users are recommended to upgrade to version 1.17.1, which fixes the issue.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

22 June 2024

Categorie(s):

Tag(s):

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. – SWN #48720 June 2025
Jira tickets become attack vectors in PoC ‘living off AI’ attack20 June 2025
Anubis Ransomware Lists Disneyland Paris as New Victim20 June 2025
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware20 June 2025
Netflix, Apple, BofA websites hijacked with fake help-desk numbers20 June 2025