GHSA-5xvc-rwv8-86p7

Опубликовано: 26 мар. 2024

Источник: github

Github: Прошло ревью

CVSS3: 7.2

Описание

Ignite Realtime Openfire privilege escalation vulnerability

An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-25420
https://github.com/igniterealtime/Openfire/pull/2411
https://github.com/igniterealtime/Openfire/commit/5c022bfa82d71d1710381ab395b100cdbcb8f310
https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java
https://github.com/igniterealtime/Openfire/releases/tag/v4.8.1
https://igniterealtime.atlassian.net/browse/OF-2758
https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421
https://www.igniterealtime.org/projects/openfire

Пакеты

Наименование

org.igniterealtime.openfire:xmppserver

maven

Затронутые версииВерсия исправления

< 4.8.1

4.8.1

EPSS

Процентиль: 82%

0.01769

Низкий

7.2 High

CVSS3

CVE ID

CVE-2024-25420

Дефекты

CWE-273

CWE-863

Связанные уязвимости

CVE-2024-25420

CVSS3: 7.2

nvd

почти 2 года назад

An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

EPSS

Процентиль: 82%

0.01769

Низкий

7.2 High

CVSS3

CVE ID

CVE-2024-25420

Дефекты

CWE-273

CWE-863