Bug 1848045 (CVE-2020-1941)
Summary: | CVE-2020-1941 activemq: Cross-site scripting in webconsole admin GUI | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aboyko, agrimm, aileenc, akoufoud, alazarot, almorale, anstephe, asoldano, atangrin, ataylor, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dblechte, dfediuck, dkreling, dosoudil, drieden, eedri, etirelli, extras-orphan, ganandan, ggaughan, gmalinko, gvarsami, ibek, iweiss, janstey, java-sig-commits, jawilson, jcoleman, jochrist, jperkins, jstastny, jwon, kconner, krathod, kverlaen, kwills, ldimaggi, lgao, mgoldboi, michal.skrivanek, mnovotny, msochure, msvehla, nwallace, paradhya, pdrozd, pjindal, pmackay, psotirop, puntogil, rguimara, rrajasek, rstancel, rsvoboda, rsynek, rwagner, sbonazzo, sdaley, sherold, smaestri, s, sthorger, tcunning, tkirby, tmielke, tom.jenkinson, vkamble, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | activemq-5.15.12, activemq-5.15.13 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in activemq. The webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-08-13 15:15:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1848046 |
Description
Pedro Sampaio
2020-06-17 14:51:24 UTC
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse 6 * Red Hat JBoss A-MQ 6 * Red Hat JBoss Fuse Service Works 6 * Red Hat JBoss Data Grid 7 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details RHV consumes from EAP7 channels which are not affected, hence RHV is also not affected. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1941 |