Lucene search
GitHub Advisory DatabaseGHSA-463W-HXFV-G9F6HistoryNov 15, 2022 - 7:00 p.m.
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
2022-11-1519:00:52
CWE-200
CWE-862
GitHub Advisory Database
github.com
11
apache
archiva
sensitive data
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
47.6%
Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files. If anonymous read enabled, it’s possible to read the database file directly without logging in.
Affected configurations
Node
org.apache.archivaarchiva-commonRange<2.2.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.archiva | archiva-common | * | cpe:2.3:a:org.apache.archiva:archiva-common:*:*:*:*:*:*:*:* |
Related
osv
osv
CVE-2022-40308
2022-11-15 13:15:10
cve
cve
CVE-2022-40308
2022-11-15 13:15:10
prion
prion
Design/Logic Flaw
2022-11-15 13:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-40308
2022-11-15 13:15:10
openvas
openvas
Apache Archiva < 2.2.9 Multiple Vulnerabilities
2022-11-16 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
47.6%
Related for GHSA-463W-HXFV-G9F6