You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Olivier Lamy <ol...@apache.org> on 2022/11/15 11:35:59 UTC
CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories
Description:
Users with write permissions to a repository can delete arbitrary directories.
Credit:
Thanks to L3yx of Syclover Security Team