CVE-2022-29405
published 2022-05-25CVE-2022-29405: In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | archiva | < 2.2.8 | 2.2.8 |
| apache_software_foundation | apache_archiva | 2.2 – 2.2.7 | — |