2 matches found
CVE-2023-50780
Apache ActiveMQ Artemis suffers a vulnerability where diagnostic MBeans (including the Log4J2 MBean) are exposed through the Jolokia endpoint, accessible to authenticated users. Before version 2.29.0 this exposure could allow an authenticated attacker to write arbitrary files to the filesystem an...
CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...