Lucene search

K
freebsdFreeBSD9BCFF2C4-1779-11EF-B489-B42E991FC52E
HistoryMay 26, 2023 - 12:00 a.m.

Openfire administration console authentication bypass

2023-05-2600:00:00
vuxml.freebsd.org
6
openfire
administration
console
path traversal
vulnerability
authentication bypass
web-based application
unauthenticated user
setup environment
restricted pages
security advisory
patched
upgrade
github advisory
mitigation advice
unix

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

7.3 High

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

[email protected] reports:

Openfire’s administrative console, a web-based
application, was found to be vulnerable to a path traversal attack
via the setup environment. This permitted an unauthenticated user
to use the unauthenticated Openfire Setup Environment in an already
configured Openfire environment to access restricted pages in the
Openfire Admin Console reserved for administrative users. This
vulnerability affects all versions of Openfire that have been
released since April 2015, starting with version 3.10.0. The problem
has been patched in Openfire release 4.7.5 and 4.6.8, and further
improvements will be included in the yet-to-be released first version
on the 4.8 branch (which is expected to be version 4.8.0). Users
are advised to upgrade. If an Openfire upgrade isnt available for
a specific release, or isnt quickly actionable, users may see the
linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopenfire<Β 4.6.8UNKNOWN

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

7.3 High

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%