CVE-2022-40309 Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories

2022-11-1500:00:00

apache

www.cve.org

apache archiva

authenticated

user deletion

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Users with write permissions to a repository can delete arbitrary directories.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Archiva",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.2.8",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]