-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.archiva:archiva-common | maven | < 2.2.9 | 2.2.9 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing authorization checks in file retrieval mechanisms. The CWE-862 (Missing Authorization) and CWE-200 (Info Disclosure) suggest functions handling file access lacked proper role/permission validation. RepositoryContentService.getFileContent is a core file retrieval endpoint, and ArchivaServletDelegate.serveFile is a low-level file-serving component. Both would require authorization checks that were likely absent for anonymous users in vulnerable versions. The database file exposure implies direct file path access was possible via these functions.
A Semantic Attack on Google Gemini - Read the Latest Research