CVE-2023-50780

EPSS 0.25%
Published 14.10.2024 16:15:03
Last modified 19.03.2025 21:15:35
Source security@apache.org
Teams watchlist Login
Open Login

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.


Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Activemq Artemis Version < 2.29.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.479

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58

Vendor Advisory

Mailing List

Issue Tracking

http://www.openwall.com/lists/oss-security/2024/10/14/2

https://nvd.nist.gov/vuln/detail/CVE-2023-50780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50780

EUVD