** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.
Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/03/01/4 | Mailing List |
https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2 | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/03/01/4 | Mailing List |
https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2 | Mailing List Vendor Advisory |
Configurations
History
28 May 2025, 19:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:* | |
First Time |
Apache
Apache archiva |
|
References | () http://www.openwall.com/lists/oss-security/2024/03/01/4 - Mailing List | |
References | () https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2 - Mailing List, Vendor Advisory |
13 Feb 2025, 18:17
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
21 Nov 2024, 09:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/03/01/4 - | |
References | () https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2 - |
21 Aug 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
01 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-01 16:15
Updated : 2025-05-28 19:55
NVD link : CVE-2024-27138
Mitre link : CVE-2024-27138
CVE.ORG link : CVE-2024-27138
JSON object : View
Products Affected
apache
- archiva
CWE
CWE-863
Incorrect Authorization