GHSA-9mgm-gcq8-86wq

Source

https://github.com/advisories/GHSA-9mgm-gcq8-86wq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-9mgm-gcq8-86wq/GHSA-9mgm-gcq8-86wq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9mgm-gcq8-86wq

Aliases

Published

2021-06-16T17:39:35Z

Modified

2024-03-14T21:50:07.286160Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper Authentication in Apache ActiveMQ and Apache Artemis

Details

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

References

Affected packages

Maven / org.apache.activemq:activemq-parent

Package

Name: org.apache.activemq:activemq-parent; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.16.1

Affected versions

5.*

5.16.0

Maven / org.apache.activemq:activemq-parent

Package

Name: org.apache.activemq:activemq-parent; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.14

Affected versions

4.*

4.1.1

4.1.2

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.3.1

5.3.2

5.4.0

5.4.1

5.4.2

5.4.3

5.5.0

5.5.1

5.6.0

5.7.0

5.8.0

5.9.0

5.9.1

5.10.0

5.10.1

5.10.2

5.11.0

5.11.1

5.11.2

5.11.3

5.11.4

5.12.0

5.12.1

5.12.2

5.12.3

5.13.0

5.13.1

5.13.2

5.13.3

5.13.4

5.13.5

5.14.0

5.14.1

5.14.2

5.14.3

5.14.4

5.14.5

5.15.0

5.15.1

5.15.2

5.15.3

5.15.4

5.15.5

5.15.6

5.15.7

5.15.8

5.15.9

5.15.10

5.15.11

5.15.12

5.15.13

Maven / org.apache.activemq:apache-artemis

Package

Name: org.apache.activemq:apache-artemis; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/apache-artemis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.0

Affected versions

1.*

1.0.0

1.1.0

1.2.0

1.3.0

1.4.0

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.7.0

2.8.0

2.8.1

2.9.0

2.10.0

2.10.1

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0