CVE-2024-25420

Опубликовано: 26 мар. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

Ссылки

https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java
Product
https://github.com/igniterealtime/Openfire/pull/2411
https://github.com/igniterealtime/Openfire/releases/tag/v4.8.1
https://igniterealtime.atlassian.net/browse/OF-2758
https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421
Exploit
Third Party Advisory
https://www.igniterealtime.org/projects/openfire/
Product
Release Notes
https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java
Product
https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421
Exploit
Third Party Advisory
https://www.igniterealtime.org/projects/openfire/
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*

Версия до 4.9.0 (включая)

EPSS

Процентиль: 82%

0.01769

Низкий

7.2 High

CVSS3

Дефекты

CWE-273

Связанные уязвимости

GHSA-5xvc-rwv8-86p7