[java-sig-commits] [Bug 1848045] New: CVE-2020-1941 activemq: Cross-site scripting in webconsole admin GUI

17 Jun 2020


      https://bugzilla.redhat.com/show_bug.cgi?id=1848045
Bug ID: 1848045
           Summary: CVE-2020-1941 activemq: Cross-site scripting in
                    webconsole admin GUI
           Product: Security Response
          Hardware: All
                OS: Linux
            Status: NEW
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@redhat.com
          Reporter: psampaio@redhat.com
                CC: aboyko@redhat.com, agrimm@gmail.com,
                    aileenc@redhat.com, akoufoud@redhat.com,
                    alazarot@redhat.com, almorale@redhat.com,
                    anstephe@redhat.com, asoldano@redhat.com,
                    atangrin@redhat.com, ataylor@redhat.com,
                    bbaranow@redhat.com, bmaxwell@redhat.com,
                    brian.stansberry@redhat.com, cdewolf@redhat.com,
                    chazlett@redhat.com, darran.lofthouse@redhat.com,
                    dblechte@redhat.com, dfediuck@redhat.com,
                    dkreling@redhat.com, dosoudil@redhat.com,
                    drieden@redhat.com, eedri@redhat.com,
                    etirelli@redhat.com, extras-orphan@fedoraproject.org,
                    ganandan@redhat.com, ggaughan@redhat.com,
                    gmalinko@redhat.com, gvarsami@redhat.com,
                    ibek@redhat.com, iweiss@redhat.com,
                    janstey@redhat.com,
                    java-sig-commits@lists.fedoraproject.org,
                    jawilson@redhat.com, jcoleman@redhat.com,
                    jochrist@redhat.com, jperkins@redhat.com,
                    jstastny@redhat.com, jwon@redhat.com,
                    kconner@redhat.com, krathod@redhat.com,
                    kverlaen@redhat.com, kwills@redhat.com,
                    ldimaggi@redhat.com, lgao@redhat.com,
                    mgoldboi@redhat.com, michal.skrivanek@redhat.com,
                    mnovotny@redhat.com, msochure@redhat.com,
                    msvehla@redhat.com, nwallace@redhat.com,
                    paradhya@redhat.com, pdrozd@redhat.com,
                    pjindal@redhat.com, pmackay@redhat.com,
                    psotirop@redhat.com, puntogil@libero.it,
                    rguimara@redhat.com, rrajasek@redhat.com,
                    rstancel@redhat.com, rsvoboda@redhat.com,
                    rsynek@redhat.com, rwagner@redhat.com,
                    sbonazzo@redhat.com, sdaley@redhat.com,
                    sherold@redhat.com, smaestri@redhat.com, s@shk.io,
                    sthorger@redhat.com, tcunning@redhat.com,
                    tdawson@redhat.com, tkirby@redhat.com,
                    tom.jenkinson@redhat.com, yturgema@redhat.com
  Target Milestone: ---
    Classification: Other
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS,
in the view that lists the contents of a queue.
References:
http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announceme...
-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 1848045] New: CVE-2020-1941 activemq: Cross-site scripting in webconsole admin GUI