
Apache Archiva Incorrect Authorization vulnerability

Moderate severity GitHub Reviewed Published Mar 1, 2024 to the GitHub Advisory Database • Updated May 2, 2024

Package

org.apache.archiva:archiva (Maven)

Affected versions

<= 2.2.10

Patched versions

None

Description

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.

Apache Archiva has a setting to disable user registration; however, this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. We recommend that you look into migrating to a different solution or isolate your instance from any untrusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Published by the National Vulnerability Database Mar 1, 2024
Published to the GitHub Advisory Database Mar 1, 2024
Reviewed Mar 1, 2024
Last updated May 2, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2024-27138

GHSA ID

GHSA-rv4h-m4wc-v99w

Source code
