CVE-2024-25421
EPSS 2.6%Ignite Realtime Openfire privilege escalation vulnerability
Published: 3/26/2024Modified: 12/7/2024
Description
An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
Affected packages (1)
- Maven/org.igniterealtime.openfire:xmppserverfrom 0, < 4.8.1
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-25421
- PATCHhttps://github.com/igniterealtime/Openfire
- WEBhttps://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java
- WEBhttps://github.com/igniterealtime/Openfire/commit/d66bddd29dbf56aa9b822635619fa66cca6f2112
- WEBhttps://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421
- WEBhttps://www.igniterealtime.org/projects/openfire