CVE-2024-51127

Опубликовано: 04 нояб. 2024

Источник: redhat

CVSS3: 7.1

EPSS Низкий

Описание

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information.

Меры по смягчению последствий

There is currently no known mitigation for this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Build of Keycloak	org.hornetq/hornetq-core-client	Not affected
Red Hat Fuse 7	org.hornetq/hornetq-core-client	Will not fix
Red Hat JBoss Data Grid 7	org.hornetq/hornetq-core-client	Out of support scope
Red Hat JBoss Enterprise Application Platform Expansion Pack	org.hornetq/hornetq-core-client	Not affected
Red Hat JBoss Enterprise Application Platform Expansion Pack	org.jboss.eap-jboss-eap	Not affected
Red Hat JBoss Enterprise Application Platform Expansion Pack	org.jboss.eap-jboss-eap-xp	Not affected
Red Hat Process Automation 7	org.hornetq/hornetq-core-client	Not affected
Red Hat Single Sign-On 7	org.hornetq/hornetq-core-client	Not affected
Important: Red Hat JBoss Enterprise Application Platform 7.4.21 security update	org.hornetq/hornetq-core-client	Fixed	RHSA-2025:1635	18.02.2025
Red Hat JBoss Enterprise Application Platform 7		Fixed	RHSA-2024:11531	19.12.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-22

https://bugzilla.redhat.com/show_bug.cgi?id=2323697hornetq-core-client: Arbitrarily overwrite files or access sensitive information

EPSS

Процентиль: 73%

0.00781

Низкий

7.1 High

CVSS3

Связанные уязвимости

CVE-2024-51127

CVSS3: 7.1

nvd

около 1 года назад

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

GHSA-r7mv-mv7m-pjw3

CVSS3: 9.1

github