Back to bug 1892384
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jonathan Christison | 2020-10-28 15:31:23 UTC | CC | security-response-team | |
| Jonathan Christison | 2020-10-28 15:33:23 UTC | Blocks | 1891127 | |
| Jonathan Christison | 2021-01-27 10:20:21 UTC | Summary | EMBARGOED AMQ Broker 7: OpenWire can create destinations with an unpriviledged user | EMBARGOED CVE-2021-26118 AMQ Broker 7: OpenWire can create destinations with an unpriviledged user |
| Alias | CVE-2021-26118 | |||
| Jonathan Christison | 2021-01-27 11:10:52 UTC | Fixed In Version | activemq-artemis-2.16.0 redhat-amq-7.8.0 | |
| Jonathan Christison | 2021-01-27 11:52:17 UTC | Deadline | 2020-10-28 | |
| Jonathan Christison | 2021-02-11 13:52:48 UTC | Priority | medium | high |
| Doc Text | It was found that the AMQ 7 broker allows users using the OpenWire protocol to bypass usual permissions checks, this can allow an unprivileged user to create queues without verifying the role. | |||
| Severity | medium | high | ||
| RaTasha Tillery-Smith | 2021-02-11 14:15:53 UTC | Doc Text | It was found that the AMQ 7 broker allows users using the OpenWire protocol to bypass usual permissions checks, this can allow an unprivileged user to create queues without verifying the role. | A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity. |
| RaTasha Tillery-Smith | 2021-02-11 14:16:26 UTC | Doc Text | A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity. | A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity. |
| Jonathan Christison | 2021-02-11 15:31:11 UTC | Group | security, qe_staff | |
| Deadline | 2020-10-28 | |||
| Summary | EMBARGOED CVE-2021-26118 AMQ Broker 7: OpenWire can create destinations with an unpriviledged user | CVE-2021-26118 AMQ Broker 7: OpenWire can create destinations with an unpriviledged user | ||
| Red Hat Bugzilla | 2023-07-07 08:35:51 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 1892384