Lucene search

GitHub Advisory DatabaseGHSA-XGQ8-JQ9W-77R5

HistoryNov 15, 2022 - 7:00 p.m.

Apache Archiva subject to arbitrary directory deletion by users.

2022-11-1519:00:52

CWE-862

GitHub Advisory Database

github.com

apache archiva

arbitrary deletion

user permissions

software security

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

22.9%

JSON

Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories. Users with write permissions to a repository can delete arbitrary directories.

Affected configurations

Vulners

Node

org.apache.archivaarchiva-commonRange<2.2.9

VendorProductVersionCPE
org.apache.archivaarchiva-common*cpe:2.3:a:org.apache.archiva:archiva-common:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.archiva	archiva-common	*	cpe:2.3:a:org.apache.archiva:archiva-common::::::::

References

www.openwall.com/lists/oss-security/2022/11/15/3

github.com/advisories/GHSA-xgq8-jq9w-77r5

lists.apache.org/thread/1odl4p85r96n27k577jk6ftrp19xfc27

nvd.nist.gov/vuln/detail/CVE-2022-40309

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

22.9%

JSON

Related for GHSA-XGQ8-JQ9W-77R5