GHSA-f892-4h9f-j7g9HighCVSS 8.1
Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web...
🔗 CVE IDs covered (1)
📋 Description
Improper Authorization vulnerability in Apache ActiveMQ.
An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.
Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.