The Apache Archiva login service prior to 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
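The root cause described above is user input reaching the LDAP filter unescaped. The following added example (not code from Archiva or from this repository) contrasts raw filter concatenation with RFC 4515 escaping; the filter template, the `uid` attribute and the sample username are constructed assumptions.

```python
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# The filter template and the uid attribute are assumptions, not Archiva's code.

# RFC 4515 section 3: these characters must be written as backslash + two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    # Per-character mapping, so an escaped backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: the login name is concatenated into the filter as-is."""
    return "(&(objectClass=inetOrgPerson)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    """Hardened pattern: the login name is escaped and stays one literal value."""
    return "(&(objectClass=inetOrgPerson)(uid=" + escape_filter_value(username) + "))"


def filter_groups(ldap_filter: str) -> int:
    """Count '(' characters; after escaping, only the template contributes any."""
    return ldap_filter.count("(")


def has_filter_metachar(username: str) -> bool:
    """Detection helper: flag login names carrying filter metacharacters."""
    return any(ch in _ESCAPES for ch in username)


if __name__ == "__main__":
    sample = "jdoe)(mail=*"  # constructed input, not taken from the advisory
    print(build_filter_unsafe(sample), filter_groups(build_filter_unsafe(sample)))
    print(build_filter_safe(sample), filter_groups(build_filter_safe(sample)))
    print("flag for review:", has_filter_metachar(sample))
```

With the unsafe builder the sample input adds a fourth parenthesised group to the filter; with escaping the group count stays at the template's three.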
CVE-2020-9495 (README.md, initial commit 2a89a26 by ggolawski)
A Docker image for Apache Archiva