[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read ar
From:       Olivier Lamy <olamy () apache ! org>
Date:       2022-11-15 11:35:42
Message-ID: a67241ba-4fe9-6eec-6b1a-0ee43405fc1d () apache ! org
[Download RAW message or body]

Description:

If anonymous read enabled, it's possible to read the database file directly=
 without logging in.


Credit:

Thanks to L3yx of Syclover Security Team

[prev in list] [next in list] [prev in thread] [next in thread]