(activemq-website) branch asf-site updated: Automatic Site Publish by Buildbot

Mon, 31 Mar 2025 07:54:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 1077fb376 Automatic Site Publish by Buildbot
1077fb376 is described below

commit 1077fb376233a114b03cfbe784b40ee3f286dac6
Author: buildbot <[email protected]>
AuthorDate: Mon Mar 31 14:54:09 2025 +0000

    Automatic Site Publish by Buildbot
---
 .../CVE-2025-27427-announcement.txt                | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/output/security-advisories.data/CVE-2025-27427-announcement.txt 
b/output/security-advisories.data/CVE-2025-27427-announcement.txt
new file mode 100644
index 000000000..921b572cb
--- /dev/null
+++ b/output/security-advisories.data/CVE-2025-27427-announcement.txt
@@ -0,0 +1,28 @@
+Affected versions:
+
+- Apache ActiveMQ Artemis 2.0.0 through 2.39.0
+
+Description:
+
+A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the 
createDurableQueue or createNonDurableQueue permission on an address can 
augment the routing-type supported by that address even if said user doesn't 
have the createAddress permission for that particular address. When combined 
with the send permission and automatic queue creation a user could successfully 
send a message with a routing-type not supported by the address when that 
message should actually be rejected o [...]
+
+This issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0.
+
+Users are recommended to upgrade to version 2.40.0 which fixes the issue.
+
+This issue is being tracked as ARTEMIS-5346 
+
+Credit:
+
+Eojin Lee <[email protected]> (reporter)
+Dain Lee <[email protected]> (finder)
+WooJin Park <[email protected]> (finder)
+MinJung Lee <[email protected]> (finder)
+SeChang Oh <[email protected]> (finder)
+
+References:
+
+https://lists.apache.org/thread/8dzlm2vkqphyrnkrby8r8kzndsm5o6x8
+https://activemq.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2025-27427
+https://issues.apache.org/jira/browse/ARTEMIS-5346


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to