[
https://issues.apache.org/jira/browse/ARTEMIS-5928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18062533#comment-18062533
]
ASF subversion and git services commented on ARTEMIS-5928:
----------------------------------------------------------
Commit e33e76541a4406f0772ae47e171417608616402b in artemis's branch
refs/heads/main from Justin Bertram
[ https://gitbox.apache.org/repos/asf?p=artemis.git;h=e33e76541a ]
ARTEMIS-5928 update release notes
> Refactor federation downstream packet handling
> ----------------------------------------------
>
> Key: ARTEMIS-5928
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5928
> Project: Artemis
> Issue Type: Bug
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.52.0
>
>
> An unauthenticated remote attacker can use the Core protocol to force a
> target broker to establish an outbound Core federation connection to an
> attacker-controlled rogue broker. This could potentially result in message
> injection into any queue and/or message exfiltration from any queue via the
> rogue broker. This impacts environments that allow both:
> * incoming Core protocol connections from untrusted sources to the broker
> * outgoing Core protocol connections from the broker to untrusted targets
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
