Lucene search
Veracode Vulnerability DatabaseVERACODE:34712HistoryMar 16, 2022 - 7:26 a.m.
Improper Authorization
2022-03-1607:26:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
cometd
oort
seti
unauthorized access
cluster traffic
data manipulation
EPSS
0.001
Percentile
46.3%
org.cometd.java:cometd-java-oort is vulnerable to improper authorization. Remote attackers are able to subscribe and publish to Oort and Seti channels due to improper authorization, allowing interception of internal cluster traffic. As a result the remote attackers are able to create/modify/delete other user’s data and modify the cluster structure.
References
github.com/cometd/cometd/commit/0246a6dd744e692b55eec95e114a9e234eced260
github.com/cometd/cometd/commit/62eac518697013e1bb7dc573547cc89e55015cdc
github.com/cometd/cometd/commit/bb445a143fbf320f17c62e340455cd74acfb5929
github.com/cometd/cometd/issues/1146
github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv
Related
osv
osv
Improper Authorization in org.cometd.oort
2022-03-15 19:02:36
CVE-2022-24721
2022-03-15 14:15:08
prion
prion
Code injection
2022-03-15 14:15:00
redhatcve
redhatcve
CVE-2022-24721
2022-03-16 10:21:24
cvelist
cvelist
CVE-2022-24721 Incorrect Authorization in org.cometd.oort
2022-03-15 13:45:13
cve
cve
CVE-2022-24721
2022-03-15 14:15:08
nvd
nvd
CVE-2022-24721
2022-03-15 14:15:08
github
github
Improper Authorization in org.cometd.oort
2022-03-15 19:02:36