Description

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.

INFO

Published Date :

2024-10-14T16:03:38.321Z

Last Modified :

2025-03-19T20:11:35.774Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2023-50780 vulnerability.

Vendors Products
Apache
  • Activemq Artemis
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-50780.

URL Resource
http://www.openwall.com/lists/oss-security/2024/10/14/2 cve-icon
https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-50780 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-50780 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact