Bug 2318571 (CVE-2023-50780)
Summary: | CVE-2023-50780 artemis: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | asoldano, ataylor, bbaranow, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, ecerquei, fjuma, gmalinko, ibek, istudens, ivassile, iweiss, janstey, jkoops, jrokos, jross, kverlaen, lgao, mnovotny, mosmerov, msochure, msvehla, nwallace, pdelbell, pdrozd, peholase, pjindal, pmackay, pskopek, rguimara, rkieley, rmartinc, rowaters, rstancel, rstepani, smaestri, sthorger, tom.jenkinson |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A flaw was found in Apache ActiveMQ Artemis. Affected versions of this package allow access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. The exposed MBeans include the Log4J2 MBean, which is not meant for exposure to non-administrative users. This issue could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. |
Description
OSIDB Bzimport
2024-10-14 17:01:28 UTC