CVE-2024-27138

CWE-863Incorrect Authorization4 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache ArchivaApache Archiva
Timeline
PublishedMar 1

Description

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supporte

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
GHSA
Apache Archiva Incorrect Authorization vulnerability2024-03-01
CVEList
Apache Archiva: disabling user registration is not effective2024-03-01
OSV
Apache Archiva Incorrect Authorization vulnerability2024-03-01
CVE-2024-27138 (HIGH CVSS 7.5) | ** UNSUPPORTED WHEN ASSIGNED ** Inc | cvebase.io