Archiva@* Security Vulnerabilities and Issues — Archiva@* CVE List

Lucene search

ApacheArchiva*

5 matches found

CVE•added 2022/05/25 8:15 a.m.•91 views

CVE-2022-29405

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

6.5CVSS6.4AI score0.01444EPSS

CVE•added 2022/11/15 1:15 p.m.•74 views

CVE-2022-40308

If anonymous read enabled, it's possible to read the database file directly without logging in.

7.5CVSS7.4AI score0.00289EPSS

CVE•added 2020/06/19 7:15 p.m.•71 views

CVE-2020-9495

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. ...

5.3CVSS5.4AI score0.27485EPSS

CVE•added 2019/04/30 10:29 p.m.•67 views

CVE-2019-0213

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva s...

6.5CVSS6.1AI score0.00611EPSS

CVE•added 2022/11/15 1:15 p.m.•66 views

CVE-2022-40309

Users with write permissions to a repository can delete arbitrary directories.

4.3CVSS4.6AI score0.00226EPSS