GHSA-mrgh-6x42-x6xf

Source

https://github.com/advisories/GHSA-mrgh-6x42-x6xf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mrgh-6x42-x6xf/GHSA-mrgh-6x42-x6xf.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-mrgh-6x42-x6xf

Aliases

CVE-2012-4446

Published

2022-05-17T05:13:24Z

Modified

2024-12-07T05:36:08.640085Z

Summary

Improper Authentication in Apache Qpid

Details

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

Database specific

{
    "github_reviewed_at": "2022-07-13T15:56:19Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-287"
    ],
    "nvd_published_at": "2013-03-14T03:10:00Z"
}

References

Affected packages

Maven / org.apache.qpid:qpid-client

Package

Name: org.apache.qpid:qpid-client; View open source insights on deps.dev
Purl: pkg:maven/org.apache.qpid/qpid-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.20

Affected versions

0.*

0.10

0.12

0.14

0.16

0.18