Atlas hosted ASpace servers and recent Jetty security issue report
A vulnerability was recently reported regarding ArchivesSpace and an older version of the included component Jetty. Based on the information provided to Atlas Systems from ArchivesSpace.org, the identified vulnerability affects ASpace sites that are using the PUI with password protection. If someone without the password has a direct link into the ASpace PUI, they may be able to bypass the authentication, revealing the information. Atlas Systems has identified and contacted potentially affected hosted sites. If you have not been contacted, your Atlas hosted system is not impacted with no action needed.
The reported issue is logged in the ASpace JIRA site as ANW-1437.
Please sign in to leave a comment.