Lucene search
K

5 matches found

CVE
CVE
added 2022/05/25 7:15 a.m.105 views

CVE-2022-29405

CVE-2022-29405 concerns Apache Archiva. Affected: Archiva; Issue: any registered user can reset the password for any user due to improper authorization. Impact stated as password reset capability for other users. Mitigation: upgrade to Archiva 2.2.8 (fix mentioned in release notes). If details va...

6.5CVSS6.4AI score0.01591EPSS
CVE
CVE
added 2022/11/15 12:0 a.m.90 views

CVE-2022-40308

CVE-2022-40308 affects Apache Archiva prior to version 2.2.9. The issue allows an unauthenticated user, when anonymous read is enabled, to read the database file directly, effectively exposing stored data. The vulnerability originates from the ability to read repository/database files without log...

7.5CVSS7.4AI score0.01192EPSS
CVE
CVE
added 2019/04/30 9:35 p.m.89 views

CVE-2019-0213

CVE-2019-0213 (Apache Archiva) affects Archiva versions prior to 2.2.4. The issue is a stored XSS vulnerability in central configuration entries (e.g., the logo URL) where an attacker with administrative access could inject JavaScript that would execute in a victim’s browser. The risk is describe...

6.5CVSS6.1AI score0.04933EPSS
CVE
CVE
added 2020/06/19 6:59 p.m.84 views

CVE-2020-9495

CVE-2020-9495 affects Apache Archiva

5.3CVSS5.4AI score0.08004EPSS
CVE
CVE
added 2022/11/15 12:0 a.m.82 views

CVE-2022-40309

CVE-2022-40309 affects Apache Archiva and is triggered when a user with write access to a repository can delete arbitrary directories. Public sources consistently describe the vulnerable condition as existing in Archiva versions prior to 2.2.9. The root cause is a permission/logic flaw that allow...

4.3CVSS4.6AI score0.01355EPSS