This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new b8a0b353c Automatic Site Publish by Buildbot
b8a0b353c is described below
commit b8a0b353c678987a8d98cbf850aeb236a7d72f43
Author: buildbot <[email protected]>
AuthorDate: Thu Apr 10 10:34:46 2025 +0000
Automatic Site Publish by Buildbot
---
output/components/artemis/security.html | 1 +
.../CVE-2025-27391-announcement.txt | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/output/components/artemis/security.html
b/output/components/artemis/security.html
index 11ff7c42b..c77433e20 100644
--- a/output/components/artemis/security.html
+++ b/output/components/artemis/security.html
@@ -98,6 +98,7 @@
<p>See the main <a href="../../security-advisories">Security Advisories</a>
page for details for other components and general information such as reporting
new security issues.</p>
<ul>
+ <li><a
href="../../security-advisories.data/CVE-2025-27391-announcement.txt">CVE-2025-27391</a>
- Passwords leaking from broker properties in the debug log</li>
<li><a
href="../../security-advisories.data/CVE-2025-27427-announcement.txt">CVE-2025-27427</a>
- Address routing-type can be updated by user without the createAddress
permission</li>
<li><a
href="../../security-advisories.data/CVE-2023-50780-announcement.txt">CVE-2023-50780</a>
- Authenticated users could perform RCE via Jolokia MBeans</li>
<li><a
href="../../security-advisories.data/CVE-2022-35278-announcement.txt">CVE-2022-35278</a>
- HTML Injection in ActiveMQ Artemis Web Console</li>
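Review bot: The link text on the added <li> ("Passwords leaking from broker properties in the debug log") is narrower than the announcement it links to, whose description says all the values of the broker properties are logged. Suggest wording the entry to match, for example "Broker property values, including passwords, logged at debug level", so that readers whose broker properties hold other sensitive values do not dismiss it. Since this file sits under output/ and the commit is an automatic site publish, the wording change belongs in the site source rather than in this generated page.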
diff --git a/output/security-advisories.data/CVE-2025-27391-announcement.txt
b/output/security-advisories.data/CVE-2025-27391-announcement.txt
new file mode 100644
index 000000000..6bc2aa3d8
--- /dev/null
+++ b/output/security-advisories.data/CVE-2025-27391-announcement.txt
@@ -0,0 +1,21 @@
+Affected versions:
+
+- Apache ActiveMQ Artemis 1.5.1 before 2.40.0
+
+Description:
+
+Insertion of Sensitive Information into Log File vulnerability in Apache
ActiveMQ Artemis. All the values of the broker properties are logged when the
org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the
debug level enabled.
+
+This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can
be mitigated by restricting log access to only trusted users.
+
+Users are recommended to upgrade to version 2.40.0, which fixes the issue.
+
+Credit:
+
+Rafael Yanez Illescas <[email protected]> (finder)
+
+References:
+
+https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps
+https://activemq.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2025-27391
\ No newline at end of file
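Review bot: The mitigation sentence in the Description ("It can be mitigated by restricting log access to only trusted users") omits the mitigation the description itself implies. Per that description, the values are logged only when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled, so on versions before 2.40.0 keeping that logger above debug prevents the values from being written in the first place. Suggest stating that alongside the log-access restriction, and adding a line telling operators who did run with debug enabled to treat existing log files, and any forwarded or archived copies, as containing the broker property values. Minor points: the file ends without a trailing newline (the "\ No newline at end of file" marker), and the Affected versions line "1.5.1 before 2.40.0" would read more clearly with the same "from 1.5.1 before 2.40.0" wording the description uses.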