CVE-2024-25421
EPSS 2.6%Ignite Realtime Openfire privilege escalation vulnerability
發布日:2024/3/26修改日:2024/12/7
描述
An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
受影響套件(1)
- Maven/org.igniterealtime.openfire:xmppserverfrom 0, < 4.8.1
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-25421
- PATCHhttps://github.com/igniterealtime/Openfire
- WEBhttps://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java
- WEBhttps://github.com/igniterealtime/Openfire/commit/d66bddd29dbf56aa9b822635619fa66cca6f2112
- WEBhttps://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421
- WEBhttps://www.igniterealtime.org/projects/openfire