CVE-2023-50780

CVSS V2 None CVSS V3 None
Description
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.
Overview
  • CVE ID
  • CVE-2023-50780
  • Assigner
  • apache
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-14T16:03:38.321Z
  • Last Modified Date
  • 2024-10-14T20:02:56.694Z
References
Reference URL Reference Tags
https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58 vendor-advisory
History
Created Old Value New Value Data Type Notes
2024-10-15 13:05:03 Added to TrackCVE