HTML Injection in ActiveMQ Artemis Web Console
CVE-2022-35278

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache ActiveMQ Artemis
Vendor: CVE Published:; 23 August 2022

Summary

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

Affected Version(s)

Apache ActiveMQ Artemis <= 2.23.1

References

https://lists.apache.org/thread/bh6y81wtotg75337bpvxcjy43...

https://security.netapp.com/advisory/ntap-20221209-0005/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
Jul 6, 2022

Credit

Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.