CVE-2022-40308
maven/org.apache.archiva/archiva-webapp
Improper Access Control
If anonymous read enabled, it's possible to read the database file directly without logging in.
All versions before 2.2.9
Upgrade to version 2.2.9 or above.
2022-11-18
source |