CVE-2022-40309Missing Authorization in Apache Archiva

CWE-862Missing Authorization4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
1.1%
top 21.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache ArchivaApache Software Foundation Apache Archiva
Timeline
PublishedNov 15

Description

Users with write permissions to a repository can delete arbitrary directories.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDapache/archiva< 2.2.9
CVEListV5apache_software_foundation/apache_archivaunspecified2.2.8

🔴Vulnerability Details

3
CVEList
Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories2022-11-15
OSV
Apache Archiva subject to arbitrary directory deletion by users.2022-11-15
GHSA
Apache Archiva subject to arbitrary directory deletion by users.2022-11-15
CVE-2022-40309 — Missing Authorization in Apache | cvebase