CVE-2023-50780
CVSS V2 None
CVSS V3 None
Description
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4j2 MBean, which is not meant to be exposed to non-administrative users. Access to this MBean could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.
Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.
Overview
- CVE ID: CVE-2023-50780
- Assigner: apache
- Vulnerability Status: PUBLISHED
- Published Version: 2024-10-14T16:03:38.321Z
- Last Modified Date: 2024-10-14T20:02:56.694Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58 | vendor-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-50780 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50780 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-15 13:05:03 | | | | Added to TrackCVE |