** UNSUPPORTED WHEN ASSIGNED **

Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.

This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00321}

epss

{'score': 0.00419}


Wed, 28 May 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache archiva
CPEs cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache archiva

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache Software Foundation
Apache Software Foundation apache Archiva
CPEs cpe:2.3:a:apache_software_foundation:apache_archiva:*:*:*:*:*:*:*:*
Vendors & Products Apache Software Foundation
Apache Software Foundation apache Archiva
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 17:45:00 +0000

Type Values Removed Values Added
Description ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-04-16T20:47:27.623Z

Reserved: 2024-02-20T15:54:30.546Z

Link: CVE-2024-27139

cve-icon Vulnrichment

Updated: 2024-08-02T00:27:59.393Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-01T16:15:46.067

Modified: 2025-05-28T19:54:51.280

Link: CVE-2024-27139

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.