Unauthorized Access to Account Data in Apache Archiva
CVE-2024-27139
7.5 HIGH
Summary
An unauthorized access vulnerability has been identified in Apache Archiva that could allow unauthenticated attackers to modify account data, which could lead to account takeover. Because Apache Archiva is no longer maintained, there are no plans for a security update to mitigate this issue. Users are advised to consider alternative solutions or to restrict access to their Archiva instances to trusted users only to prevent exploitation.
Affected Version(s)
Apache Archiva 2.0.0
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
1uHrm of cyberkl