[
https://issues.apache.org/jira/browse/ARTEMIS-5928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18062532#comment-18062532
]
ASF subversion and git services commented on ARTEMIS-5928:
----------------------------------------------------------
Commit 586ce2d7799f55bd87ae9f8b523779f6ec1d6676 in artemis's branch
refs/heads/main from Justin Bertram
[ https://gitbox.apache.org/repos/asf?p=artemis.git;h=586ce2d779 ]
ARTEMIS-5928 fix test
> Refactor federation downstream packet handling
> ----------------------------------------------
>
> Key: ARTEMIS-5928
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5928
> Project: Artemis
> Issue Type: Bug
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.52.0
>
>
> An unauthenticated remote attacker can use the Core protocol to force a
> target broker to establish an outbound Core federation connection to an
> attacker-controlled rogue broker. This could potentially result in message
> injection into any queue and/or message exfiltration from any queue via the
> rogue broker. This impacts environments that allow both:
> * incoming Core protocol connections from untrusted sources to the broker
> * outgoing Core protocol connections from the broker to untrusted targets
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
