Posted to dev@archiva.apache.org by Olivier Lamy <ol...@apache.org> on 2022/11/15 11:35:42 UTC

CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files

Description:

If anonymous read is enabled, it's possible to read the database file directly without logging in.


Credit:

Thanks to L3yx of Syclover Security Team