5 matches found
CVE-2022-29405
CVE-2022-29405 concerns Apache Archiva. Affected: Archiva; Issue: any registered user can reset the password for any user due to improper authorization. Impact stated as password reset capability for other users. Mitigation: upgrade to Archiva 2.2.8 (fix mentioned in release notes). If details va...
CVE-2022-40308
CVE-2022-40308 affects Apache Archiva prior to version 2.2.9. The issue allows an unauthenticated user, when anonymous read is enabled, to read the database file directly, effectively exposing stored data. The vulnerability originates from the ability to read repository/database files without log...
CVE-2019-0213
CVE-2019-0213 (Apache Archiva) affects Archiva versions prior to 2.2.4. The issue is a stored XSS vulnerability in central configuration entries (e.g., the logo URL) where an attacker with administrative access could inject JavaScript that would execute in a victim’s browser. The risk is describe...
CVE-2020-9495
CVE-2020-9495 affects Apache Archiva
CVE-2022-40309
CVE-2022-40309 affects Apache Archiva and is triggered when a user with write access to a repository can delete arbitrary directories. Public sources consistently describe the vulnerable condition as existing in Archiva versions prior to 2.2.9. The root cause is a permission/logic flaw that allow...