UBUNTU-CVE-2021-26118

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-26118

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-26118.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-26118

Related

CVE-2021-26118

Published

2021-01-27T19:15:00Z

Modified

2024-10-15T14:08:03Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

References

Affected packages

Ubuntu:Pro:16.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.6.0+dfsg1-4+deb8u1ubuntu1

5.6.0+dfsg1-5

5.13.2+dfsg-2

5.13.2+dfsg-2ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.14.5-3

5.15.2-2

5.15.3-2

5.15.8-2~18.04

5.15.8-2~18.04.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10-1

5.15.11-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.16.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}