6 matches found
Apache Archiva < 2.2.9 Multiple Vulnerabilities
Apache Archiva is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:archiva"; if...
org.apache.archiva:archiva-artifact-converter (>=1.4-M1 <=2.1.0), org.apache.archiva:archiva-checksum (>=1.4-M1 <=2.2.10) +74 more potentially affected by CVE-2022-40309 via org.apache.archiva:archiva-common (>=1.1 <=2.2.8)
org.apache.archiva:archiva-common MAVEN version =1.1, =1.4-M1, =1.4-M1, =1.3, =1.1, =1.1, =1.4-M3, =1.1, =1.2, =1.1, =1.1, =1.4-M4, =1.1, =1.1, =1.4-M3, =1.4-M1, =2.2.10 and more Source cves: CVE-2022-40309 Source advisory: OSV:GHSA-XGQ8-JQ9W-77R5...
CVE-2022-40309
Users with write permissions to a repository can delete arbitrary directories...
CVE-2022-40309 Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories
Users with write permissions to a repository can delete arbitrary directories...
CVE-2022-40309
CVE-2022-40309 affects Apache Archiva and is triggered when a user with write access to a repository can delete arbitrary directories. Public sources consistently describe the vulnerable condition as existing in Archiva versions prior to 2.2.9. The root cause is a permission/logic flaw that allow...
CVE-2022-40309 Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories
Users with write permissions to a repository can delete arbitrary directories...