-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.archiva:archiva | maven | < 2.2.8 | 2.2.8 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from missing authorization checks in user password reset functionality. Based on Apache Archiva's architecture and Redback integration, the UserService.resetPassword and UserManager.updateUser are prime candidates. These functions would handle password changes and user updates, respectively. The absence of explicit authorization checks in these methods (before the patch) allowed any authenticated user to reset passwords. The medium confidence reflects inference from the vulnerability description and typical code patterns, as the exact patch details are unavailable.
Ongoing coverage of React2Shell