PT-2024-21669 · Apache · Apache Archiva

Florian Hauser · Published 2024-03-01 · Updated 2025-05-28 · CVE-2024-27138

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Apache Archiva (affected versions not specified)

Description: The issue is an Incorrect Authorization vulnerability in Apache Archiva: a setting intended to disable user registration can be bypassed. Since Apache Archiva has been retired, no fix is expected to be released for this issue. It is recommended to consider migrating to a different solution or isolating the instance from untrusted users.

Recommendations: As a temporary workaround, consider isolating your Apache Archiva instance from any untrusted users. Look into migrating to a different solution to fully resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-27138
GHSA-RV4H-M4WC-V99W

Affected Products

Apache Archiva