GHSA-q7fr-vqhq-v5xr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q7fr-vqhq-v5xr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-q7fr-vqhq-v5xr/GHSA-q7fr-vqhq-v5xr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q7fr-vqhq-v5xr
- Aliases
- Published
- 2021-06-16T17:39:05Z
- Modified
- 2024-02-16T08:13:39.562110Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Apache ActiveMQ Artemis vulnerable to Improper Access Control
- Details
-
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.
- Database specific
{ "nvd_published_at": "2021-01-27T19:15:00Z", "cwe_ids": [ "CWE-284", "CWE-287" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-04-05T23:06:41Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-26118
- https://github.com/apache/activemq-artemis/commit/e5566d52116d81611d914548adc3cbb14d7118d4
- https://github.com/apache/activemq-artemis
- https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574@%3Cannounce.apache.org%3E
- https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E
- https://security.netapp.com/advisory/ntap-20210827-0002
Affected packages
Maven / org.apache.activemq:artemis-openwire-protocol
Package
- Name
- org.apache.activemq:artemis-openwire-protocol
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.activemq/artemis-openwire-protocol