Description
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
Remediation
References
https://archiva.apache.org/docs/2.2.8/release-notes.html
Related Vulnerabilities
CVE-2017-1000118 Vulnerability in maven package com.typesafe.akka:akka-http-core
CVE-2021-23445 Vulnerability in npm package datatables.net
CVE-2019-3797 Vulnerability in maven package org.springframework.data:spring-data-jpa
CVE-2020-13943 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina