CVE-2025-27391

Опубликовано: 09 апр. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.

Users are recommended to upgrade to version 2.40.0, which fixes the issue.

Ссылки

https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps
Mailing List
Vendor Advisory
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/04/09/3
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*

Версия от 1.5.1 (включая) до 2.40.0 (исключая)

EPSS

Процентиль: 23%

0.00076

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

CVE-2025-27391

CVSS3: 5.5

redhat

5 месяцев назад

Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users. Users are recommended to upgrade to version 2.40.0, which fixes the issue.

GHSA-pm4j-p7pm-fpvx