Incorrect Authorization vulnerability in Apache Archiva
CVE-2024-27138

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Archiva
Vendor: CVE Published:; 1 March 2024

What is CVE-2024-27138?

An Incorrect Authorization vulnerability exists in Apache Archiva, allowing unauthorized access even when user registration is disabled. This vulnerability arises due to the software's retirement and lack of updates or support from the maintainer. Users are advised to consider migrating to a different solution or implementing isolation measures to protect their instances from untrusted access.

Affected Version(s)

Apache Archiva 2.0.0

References

https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzoh...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/03/01/4

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Feb 20, 2024

Credit

Florian Hauser, @frycos