icon

We found results for “

CVE-2020-10727

Good to know:

icon
icon

Date: June 26, 2020

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.activemq:artemis-core-client:2.12.0; org.apache.activemq:artemis-server:2.12.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us