GHSA-rv4h-m4wc-v99w

Опубликовано: 01 мар. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

Apache Archiva Incorrect Authorization vulnerability

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.

Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Ссылки

Пакеты

Наименование

org.apache.archiva:archiva

maven

Затронутые версииВерсия исправления

<= 2.2.10

Отсутствует

EPSS

Процентиль: 50%

0.00265

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-27138

Дефекты

CWE-863

Связанные уязвимости

CVE-2024-27138

CVSS3: 7.5

nvd

почти 2 года назад

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

EPSS

Процентиль: 50%

0.00265

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-27138

Дефекты

CWE-863