oss-sec mailing list archives

CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories

From: Olivier Lamy <olamy () apache org>
Date: Tue, 15 Nov 2022 11:35:59 +0000

Description:

Users with write permissions to a repository can delete arbitrary directories.

Credit:

Thanks to L3yx of Syclover Security Team

Current thread:

CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories Olivier Lamy (Nov 15)