Apache Archiva Incorrect Authorization vulnerability
Moderate severity
GitHub Reviewed
Published
Mar 1, 2024
to the GitHub Advisory Database
•
Updated May 2, 2024
Description
Published by the National Vulnerability Database
Mar 1, 2024
Published to the GitHub Advisory Database
Mar 1, 2024
Reviewed
Mar 1, 2024
Last updated
May 2, 2024
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.
Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References