Headline
GHSA-5hqc-x78w-3cmw: Missing Authorization in Apache Archiva
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
Missing Authorization in Apache Archiva
High severity GitHub Reviewed Published May 26, 2022 • Updated Jun 1, 2022
Related news
CVE-2022-29405: Archiva Documentation – Release Notes for Archiva 2.2.8
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8