CVE-2020-14348

Опубликовано: 02 июл. 2020

Источник: redhat

CVSS3: 4.3

EPSS Низкий

Описание

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

A flaw was found in AMQ Online before 1.5.2, where injecting an invalid field to a user's address space configuration of the user namespace puts AMQ Online in an inconsistent state. In this inconsistent state, the AMQ Online components do not operate properly. For example, the failure of provisioning and the failure of creating addresses may occur. However, this issue does not impact already existing messaging clients or brokers.

Меры по смягчению последствий

The user can work around the issue by repairing the resource and removing the invalid (top-level) field.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat A-MQ Online	enmasse	Affected
Red Hat AMQ Online 1.5.2 GA		Fixed	RHSA-2020:3209	29.07.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-248

https://bugzilla.redhat.com/show_bug.cgi?id=1861814AMQ: Denial of Service via unrecognized field injection

EPSS

Процентиль: 46%

0.00235

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-14348

CVSS3: 4.3

nvd

больше 5 лет назад

GHSA-hxj4-cvx4-5vg6

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 46%

0.00235

Низкий

4.3 Medium

CVSS3