oss-sec mailing list archives
CVE-2024-27138: Apache Archiva: disabling user registration is not effective
From: Arnout Engelen <engelen () apache org>
Date: Fri, 01 Mar 2024 10:44:35 +0000
Severity: moderate

Affected versions:

- Apache Archiva 2.0.0 or later

Description:

** UNSUPPORTED WHEN ASSIGNED **

Incorrect Authorization vulnerability in Apache Archiva.

Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Credit:

Florian Hauser, @frycos (reporter)

References:

https://archiva.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-27138