github - ghsa-33j4-8vcr-f79v

ghsa-33j4-8vcr-f79v

Vulnerability from github

Published

2022-05-02 06:20

Modified

2023-12-21 18:48

Summary

Cross-site request forgery in Apache ActiveMQ

Details

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.activemq:activemq-parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2010-1244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-21T18:48:02Z",
    "nvd_published_at": "2010-04-05T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.",
  "id": "GHSA-33j4-8vcr-f79v",
  "modified": "2023-12-21T18:48:02Z",
  "published": "2022-05-02T06:20:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1244"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/activemq/commit/1f464b9412e1b1c08d40c8ffac40edd52731da48"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/activemq/commit/f3d4034e2a7cee7b1f88c7e6b0d1d69458e1bcf0"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57398"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/activemq"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/activemq/browse/AMQ-2613"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/activemq/browse/AMQ-2625"
    },
    {
      "type": "WEB",
      "url": "http://activemq.apache.org/activemq-531-release.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39223"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Cross-site request forgery in Apache ActiveMQ"
}

cve-2010-1244

Vulnerability from cvelistv5

Published

2010-04-05 16:00

Modified

2024-08-07 01:14

Severity

Summary

References

URL	Tags
https://issues.apache.org/activemq/browse/AMQ-2613	x_refsource_CONFIRM
http://activemq.apache.org/activemq-531-release.html	x_refsource_CONFIRM
http://secunia.com/advisories/39223	third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/57398	vdb-entry, x_refsource_XF
https://issues.apache.org/activemq/browse/AMQ-2625	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website