GHSA-7qm4-p377-fr2r

Source

https://github.com/advisories/GHSA-7qm4-p377-fr2r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7qm4-p377-fr2r/GHSA-7qm4-p377-fr2r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7qm4-p377-fr2r

Aliases

CVE-2017-15709

Published

2022-05-13T01:11:29Z

Modified

2024-02-16T08:10:24.193433Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

ActiveMQ's OpenWire protocol exposes certain system details as plain text

Details

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

Database specific

{
    "nvd_published_at": "2018-02-13T20:29:00Z",
    "severity": "LOW",
    "github_reviewed_at": "2022-11-22T19:42:50Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven

org.apache.activemq:activemq-openwire-generator

Package

Name: org.apache.activemq:activemq-openwire-generator; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-openwire-generator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.14.0

Fixed

5.15.3

Affected versions

5.*

5.14.0

5.14.1

5.14.2

5.14.3

5.14.4

5.14.5

5.15.0

5.15.1

5.15.2

org.apache.activemq:activemq-parent

Package

Name: org.apache.activemq:activemq-parent; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.3

Affected versions

5.*

5.15.0

5.15.1

5.15.2

org.apache.activemq:activemq-parent

Package

Name: org.apache.activemq:activemq-parent; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.14.0

Fixed

5.14.6

Affected versions

5.*

5.14.0

5.14.1

5.14.2

5.14.3

5.14.4

5.14.5