CVE-2024-27138

Опубликовано: 01 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.

Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Ссылки

http://www.openwall.com/lists/oss-security/2024/03/01/4
Mailing List
https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/03/01/4
Mailing List
https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая)

EPSS

Процентиль: 50%

0.00265

Низкий

7.5 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-rv4h-m4wc-v99w