In Apache Archiva, any registered user can reset the password of any user. This is fixed in Archiva 2.2.8.

References
https://nvd.nist.gov/vuln/detail/CVE-2022-29405
https://archiva.apache.org/docs/2.2.8/release-notes.html
https://github.com/advisories/GHSA-5hqc-x78w-3cmw