[MAVEN:GHSA-H595-VWHC-3XWX] Apache Archiva Incorrect Authorization vulnerability

Severity Moderate

Affected Packages 1

CVEs 1

** UNSUPPORTED WHEN ASSIGNED **

Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.

This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Package	Affected Version
pkg:maven/org.apache.archiva/archiva	>= 2.0.0, <= 2.2.10

ID: MAVEN:GHSA-H595-VWHC-3XWX
Severity: moderate
URL: https://github.com/advisories/GHSA-h595-vwhc-3xwx
Published: 2024-03-01T18:30:23
(6 months ago)
Modified: 2024-03-01T20:12:19
(6 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2024-27139
			https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8
			https://github.com/advisories/GHSA-h595-vwhc-3xwx

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.archiva/archiva	org.apache.archiva	archiva	>= 2.0.0 <= 2.2.10

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date