Miggo Logo
Miggo Vulnerability Database
CVE-2024-25421

CVE-2024-25421:
Ignite Realtime Openfire privilege escalation vulnerability

N/A

CVSS Score

Basic Information

CVE ID
CVE-2024-25421
GHSA ID
GHSA-6pwg-gg6j-5crm
EPSS Score
0.75032%
CWE
CWE-863
Published
3/26/2024
Updated
3/27/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.igniterealtime.openfire:xmppservermaven< 4.8.14.8.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper authorization cleanup when users are deleted. The key issues were: 1) MultiUserChatManager's userDeleting only handled database persistence but not in-memory cache (as shown by the removed TODO comment), and 2) LocalMUCRoomManager's ROOM_CACHE maintained stale affiliations due to missing UserEventDispatcher integration. The patch adds user deletion handlers to MUCRoom and proper cache synchronization, confirming these were the vulnerable points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* in I*nit* R**ltim* Op*n*ir* v.*.*.* *n* ***or* *llows * r*mot* *tt**k*r to *s**l*t* privil***s vi* t** ROOM_***** *ompon*nt.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *ut*oriz*tion *l**nup w**n us*rs *r* **l*t**. T** k*y issu*s w*r*: *) `MultiUs*r***tM*n***r`'s us*r**l*tin* only **n*l** **t***s* p*rsist*n** *ut not in-m*mory ***** (*s s*own *y t** r*mov** TO*O *omm*nt), *n* *)