8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-50780

GHSA ID

GHSA-443j-grxv-2pgv

EPSS Score

0.3882%

CWE

CWE-285

Published

10/14/2024

Updated

10/16/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-50780

CVE-2023-50780:
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.

Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-50780

GHSA ID

GHSA-443j-grxv-2pgv

EPSS Score

0.3882%

CWE

CWE-285

Published

10/14/2024

Updated

10/16/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.activemq:artemis-cli	maven	< 2.29.0	2.29.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from Apache ActiveMQ Artemis exposing the Log4j2 MBean (LoggerContextAdminMBean) through its Jolokia endpoint. This MBean provides methods to modify logging configurations (e.g., injecting malicious appenders). The fix in version 2.29.0 explicitly disables the MBean via the '-Dlog4j2.disableJmx=true' flag, confirming that the MBean's exposure was the root cause. While the vulnerable code resides in Log4j2, Artemis' insecure default configuration (lack of JMX disabling) enabled the attack vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** **tiv*MQ *rt*mis *llows ****ss to *i**nosti* in*orm*tion *n* *ontrols t*rou** M***ns, w*i** *r* *lso *xpos** t*rou** t** *ut**nti**t** Joloki* *n*point. ***or* v*rsion *.**.*, t*is *lso in*lu*** t** Lo**J* M***n. T*is M***n is not m**nt *or *x

Reasoning

T** vuln*r**ility st*ms *rom *p**** **tiv*MQ *rt*mis *xposin* t** Lo**j* M***n (Lo***r*ont*xt**minM***n) t*rou** its Joloki* *n*point. T*is M***n provi**s m*t*o*s to mo*i*y lo**in* *on*i*ur*tions (*.*., inj**tin* m*li*ious *pp*n**rs). T** *ix in v*rs

8.8

Basic Information

Concerned about an active attack path?

CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-50780:
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Vulnerability Intelligence
Miggo AI