CVE-2023-26269
CVSS V2 None
CVSS V3 None
Description
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a
malicious local user.
Administrators are advised to disable JMX, or set up a JMX password.
Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
Overview
- CVE ID
- CVE-2023-26269
- Assigner
- security@apache.org
- Vulnerability Status
- Modified
- Published Version
- 2023-04-03T08:15:07
- Last Modified Date
- 2023-04-18T03:15:07
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:apache:james:*:*:*:*:*:*:*:* | 1 | OR | 3.7.4 |
References
Reference URL | Reference Tags |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/18/3 | |
https://lists.apache.org/thread/2z44rg93pflbjhvbwy3xtz505bx41cbs | Mailing List |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-26269 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26269 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 04:02:03 | Added to TrackCVE | |||
2023-04-17 04:02:07 | Weakness Enumeration | new | ||
2023-04-18 04:01:24 | 2023-04-18T03:15:07 | CVE Modified Date | updated | |
2023-04-18 04:01:24 | Analyzed | Modified | Vulnerability Status | updated |
2023-04-18 04:01:28 | Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. | Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. | Description | updated |
2023-04-18 04:01:32 | References | updated |