karaf-webconsole is vulnerable to unauthorized access. The vulnerability exists when the gogo feature is installed together with the webconsole feature, which leaves the /gogo endpoint accessible without authentication.
git-wip-us.apache.org/repos/asf?p=karaf.git;h=1fc60d7
git-wip-us.apache.org/repos/asf?p=karaf.git;h=434e525
git-wip-us.apache.org/repos/asf?p=karaf.git;h=cfa213a
github.com/apache/karaf/commit/1fc60d7792e1aa35970b8d967f88ca3381053172
github.com/apache/karaf/commit/cfa213ad680ded70b70bf0c648891a06386ef632
issues.apache.org/jira/browse/KARAF-4993
www.mail-archive.com/[email protected]/msg16123.html