PT-2024-21669 · Apache · Apache Archiva

Name of the Vulnerable Software and Affected Versions: Apache Archiva affected versions not specified Description: The issue is related to an Incorrect Authorization vulnerability in Apache Archiva, where a setting to disable user registration can be bypassed. Since Apache Archiva has been retire...

SUSE CVE-2016-5003

The Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element...

org.apache.archiva:archiva-artifact-converter (>=1.4-M1 <=2.1.0), org.apache.archiva:archiva-checksum (>=1.4-M1 <=2.2.10) +74 more potentially affected by CVE-2022-40308 via org.apache.archiva:archiva-common (>=1.1 <=2.2.8)

org.apache.archiva:archiva-common MAVEN version =1.1, =1.4-M1, =1.4-M1, =1.3, =1.1, =1.1, =1.4-M3, =1.1, =1.2, =1.1, =1.1, =1.4-M4, =1.1, =1.1, =1.4-M3, =1.4-M1, =2.2.10 and more Source cves: CVE-2022-40308 Source advisory: OSV:GHSA-463W-HXFV-G9F6...

PT-2022-19580 · Apache · Apache Archiva

Name of the Vulnerable Software and Affected Versions: Apache Archiva versions prior to 2.2.8 Description: The issue allows any registered user to reset the password for any other user. Recommendations: For versions prior to 2.2.8, update to version 2.2.8 to resolve the issue...