CVE-2024-27139

Опубликовано: 01 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

** UNSUPPORTED WHEN ASSIGNED **

Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.

This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

http://www.openwall.com/lists/oss-security/2024/03/01/3
Mailing List
https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/03/01/3
Mailing List
https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая)

EPSS

Процентиль: 68%

0.00561

Низкий

7.5 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-h595-vwhc-3xwx

CVSS3: 7.5

github

почти 2 года назад

Apache Archiva Incorrect Authorization vulnerability

BDU:2024-02726

CVSS3: 9.1

fstec