You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@archiva.apache.org by Olivier Lamy <ol...@apache.org> on 2022/11/15 11:35:42 UTC
CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files
Description:
If anonymous read enabled, it's possible to read the database file directly without logging in.
Credit:
Thanks to L3yx of Syclover Security Team