CVE-2021-26118

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-26118
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26118.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-26118
Aliases
Related
Published
2021-01-27T19:15:13Z
Modified
2024-09-03T03:45:39.665909Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

References

Affected packages

Git / github.com/apache/activemq-artemis

Affected ranges

Type
GIT
Repo
https://github.com/apache/activemq-artemis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.5.1

2.*

2.0.0
2.1.0
2.10.0
2.10.1
2.11.0
2.12.0
2.13.0
2.14.0
2.15.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.8.1
2.9.0