Lucene search
GoogleOSV:GHSA-RV4H-M4WC-V99WHistoryMar 01, 2024 - 6:30 p.m.
Apache Archiva Incorrect Authorization vulnerability
2024-03-0118:30:23
Google
osv.dev
8
apache archiva
incorrect authorization
user registration
bypass
no fix
migration
isolate
untrusted users
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva.
Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Related
prion
prion
Authorization
2024-03-01 16:15:00
vulnrichment
vulnrichment
CVE-2024-27138 Apache Archiva: disabling user registration is not effective
2024-03-01 15:41:12
nvd
nvd
CVE-2024-27138
2024-03-01 16:15:45
cve
cve
CVE-2024-27138
2024-03-01 16:15:45
github
github
Apache Archiva Incorrect Authorization vulnerability
2024-03-01 18:30:23
veracode
veracode
Incorrect Authorization
2024-03-06 09:14:08
cvelist
cvelist
CVE-2024-27138 Apache Archiva: disabling user registration is not effective
2024-03-01 15:41:12