Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-5hqc-x78w-3cmw: Missing Authorization in Apache Archiva

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

ghsa
#apache#git#auth

Missing Authorization in Apache Archiva

High severity GitHub Reviewed Published May 26, 2022 • Updated Jun 1, 2022

Related news

CVE-2022-29405: Archiva Documentation – Release Notes for Archiva 2.2.8

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8