Source: NVD
ID: NVD:CVE-2024-27138
History: Mar 01, 2024 - 4:15 p.m.

CVE-2024-27138

2024-03-01 16:15:45
CWE-863
web.nvd.nist.gov
Tags: apache archiva, incorrect authorization, vulnerability, bypassing restriction, user registration, unsupported, retired, isolation, untrusted users

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.4
Confidence: High

EPSS: 0
Percentile: 9.0%

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva.

Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
