CVE Vulnerabilities

CVE-2022-29405

Published: May 25, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

Affected Software

Name Vendor Start Version End Version
Archiva Apache * 2.2.8 (excluding)

References