CVE-2022-29405

CVE-2022-29405: Apache Archiva Arbitrary user password reset vulnerability

Vendor Apache Software Foundation

Product Apache Archiva

Published May 25, 2022

Last update August 3, 2024

CVSS base score

—

What the vulnerability does

Description

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

Key dates

May 25, 2022 CVE published

August 3, 2024 Record updated