2 matches found
CVE-2024-27138
CVE-2024-27138 concerns an Incorrect Authorization vulnerability in Apache Archiva. The affected software is Apache Archiva (retired/no longer maintained). The issue arises from a configuration that disables user registration, which can be bypassed, allowing unauthorized users to register or acce...
CVE-2024-27138 Apache Archiva: disabling user registration is not effective
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...