
L3Yx Of

#21196 of 53,632
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2022-25340
7.5
2022-11-15
Apache · Apache Archiva · CVE-2022-40308
**Name of the Vulnerable Software and Affected Versions**
Apache Archiva versions prior to 2.2.9

**Description**
The issue allows an anonymous user to read arbitrary files, including the database file, directly without logging in if anonymous read is enabled.

**Recommendations**
For Apache Archiva versions prior to 2.2.9, update to version 2.2.9 or later to resolve the issue. As a temporary workaround, consider disabling anonymous read access to minimize the risk of exploitation.

PT-2022-25341
4.3
2022-11-15
Apache · Apache Archiva · CVE-2022-40309
**Name of the Vulnerable Software and Affected Versions**
Apache Archiva versions prior to 2.2.9

**Description**
The issue allows users with write permissions to a repository to delete arbitrary directories. This is a problem because it can lead to data loss and potential system instability.

**Recommendations**
For Apache Archiva versions prior to 2.2.9, update to version 2.2.9 or later to resolve the issue. As a temporary workaround, consider restricting write permissions to repositories to minimize the risk of exploitation.