Archiva Security Vulnerabilities and Issues — Archiva CVE List

Lucene search

ApacheArchiva

3 matches found

CVE•added 2024/03/01 4:15 p.m.•88 views

CVE-2024-27139

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, w...

7.5CVSS7.5AI score0.00419EPSS

CVE•added 2024/03/01 4:15 p.m.•86 views

CVE-2024-27140

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recom...

5.4CVSS5.3AI score0.01686EPSS

CVE•added 2024/03/01 4:15 p.m.•74 views

CVE-2024-27138

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this i...

7.5CVSS7.4AI score0.00198EPSS