3 matches found
GHSA-9JG9-6WM2-X7P5 Server-Side Request Forgery in Karaf
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
karaf: A remote client could create MBeans from arbitrary URLs
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
Apache Karaf Code Issue Vulnerability
Apache Karaf is the United States Apache Apache Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. A code issue vulnerability exists in Apache Karaf versions prior to 4.2.9. In Karaf, JAAS is used for JMX authentication and AC...