Description
In Apache Archiva, any registered user can reset the password of any user. This is fixed in Archiva 2.2.8.
Remediation
References
https://archiva.apache.org/docs/2.2.8/release-notes.html
Related Vulnerabilities
CVE-2020-2240 Vulnerability in maven package org.jenkins-ci.plugins:database
CVE-2020-6506 Vulnerability in npm package react-native-webview
CVE-2023-46243 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2019-10428 Vulnerability in maven package org.jenkins-ci.plugins:aqua-security-scanner
CVE-2012-0394 Vulnerability in maven package org.apache.struts.xwork:xwork-core