Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
AMQ 访问控制错误漏洞
Vulnerability Description
Red Hat AMQ Broker是美国红帽(Red Hat)公司的一个纯 Java 多协议消息代理。它建立在高效的异步核心之上,具有用于消息持久性的快速本机日志和用于高可用性的无共享状态复制选项。 AMQ Broker 存在访问控制错误漏洞,该漏洞源于对没有角色集的用户的访问限制不当。 远程特权用户可以绕过实施的安全限制并获得对管理控制台中的未授权访问。该漏洞允许远程用户获得对其他受限功能的未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A