CVE-2022-29405

Summary

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Archiva2.2 <= 2.2.7affected

Weaknesses

  • Apache Archiva Arbitrary user password reset vulnerability

ADP Enrichment

CVE Program Container

Additional References

References