This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 148b43f5e Automatic Site Publish by Buildbot
148b43f5e is described below
commit 148b43f5e15a5edcfd9bb38103ee52bbff627bda
Author: buildbot <[email protected]>
AuthorDate: Mon Oct 14 16:19:48 2024 +0000
Automatic Site Publish by Buildbot
---
.../CVE-2023-50780-announcement.txt | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/output/security-advisories.data/CVE-2023-50780-announcement.txt
b/output/security-advisories.data/CVE-2023-50780-announcement.txt
new file mode 100644
index 000000000..c012cd921
--- /dev/null
+++ b/output/security-advisories.data/CVE-2023-50780-announcement.txt
@@ -0,0 +1,24 @@
+Severity: moderate
+
+Affected versions:
+
+- Apache ActiveMQ Artemis before 2.29.0
+
+Description:
+
+Apache ActiveMQ Artemis allows access to diagnostic information and controls
through MBeans, which are also exposed through the authenticated Jolokia
endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This
MBean is not meant for exposure to non-administrative users. This could
eventually allow an authenticated attacker to write arbitrary files to the
filesystem and indirectly achieve RCE.
+
+
+Users are recommended to upgrade to version 2.29.0 or later, which fixes the
issue.
+
+This issue is being tracked as ARTEMIS-4150
+
+Credit:
+
+Matei "Mal" Badanoiu (finder)
+
+References:
+
+https://activemq.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2023-50780
+https://issues.apache.org/jira/browse/ARTEMIS-4150
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
