[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read ar
From: Olivier Lamy <olamy () apache ! org>
Date: 2022-11-15 11:35:42
Message-ID: a67241ba-4fe9-6eec-6b1a-0ee43405fc1d () apache ! org
[Download RAW message or body]
Description:
If anonymous read enabled, it's possible to read the database file directly=
without logging in.
Credit:
Thanks to L3yx of Syclover Security Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic