CVE-2023-50780

EPSS 0.25%
Veröffentlicht 14.10.2024 16:15:03
Zuletzt bearbeitet 19.03.2025 21:15:35
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.


Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Activemq Artemis Version < 2.29.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.479

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58

Vendor Advisory

Mailing List

Issue Tracking

http://www.openwall.com/lists/oss-security/2024/10/14/2

https://nvd.nist.gov/vuln/detail/CVE-2023-50780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50780

EUVD