You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Olivier Lamy <ol...@apache.org> on 2022/11/15 11:35:59 UTC

CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories

Description:

Users with write permissions to a repository can delete arbitrary directories.

Credit:

Thanks to L3yx of Syclover Security Team