Severity: moderate Affected versions:
- Apache Archiva 2.0.0 or later Description: ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Credit: Florian Hauser, @frycos (reporter) References: https://archiva.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-27138
