CVE-2022-40309

CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories

Vendor Apache Software Foundation
Product Apache Archiva
Published November 15, 2022
Last update April 30, 2025

CVSS base score

What the vulnerability does

Description

Users with write permissions to a repository can delete arbitrary directories.

Key dates

Disclosure timeline

November 15, 2022 CVE published
April 30, 2025 Record updated