GHSA-w7r6-v4j7-h94w

Published: 03 Apr 2023
Source: github
Github: Reviewed
CVSS3: 7.8

Description

Apache James server's JMX management service vulnerable to privilege escalation by local user

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.

Packages

Name: org.apache.james:javax-mail-extension (maven)
Affected versions: < 3.7.4
Fixed version: 3.7.4

EPSS

Percentile: 80%
0.01353
Low

CVSS3

7.8 High

Weaknesses

CWE-862

Related vulnerabilities

CVSS3: 7.8
nvd
almost 3 years ago

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
