PT-2024-2659 · Apache · Apache Archiva

1Uhrm

Published 2024-03-01 · Updated 2025-05-28 · CVE-2024-27139

CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Apache Archiva versions 2.0.0 and later

Description: Apache Archiva contains an Incorrect Authorization vulnerability that allows an unauthenticated attacker to modify account data, potentially leading to account takeover. A remote attacker can exploit this vulnerability to gain access to a user's account.

Recommendations: As the project is retired and no fix will be released, users are recommended to find an alternative to Apache Archiva. Restrict access to the instance to trusted users to minimize the risk of exploitation.

Fix: none (the project is retired and no fix will be released)

Weakness Enumeration: Incorrect Authorization

Related Identifiers

BDU:2024-02726
CVE-2024-27139
GHSA-H595-VWHC-3XWX

Affected Products

Apache Archiva