CVE-2022-40308

CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files

Vendor Apache Software Foundation
Product Apache Archiva
Published November 15, 2022
Last update April 30, 2025

CVSS base score

What the vulnerability does

Description

If anonymous read enabled, it's possible to read the database file directly without logging in.

Key dates

Disclosure timeline

November 15, 2022 CVE published
April 30, 2025 Record updated