[
https://issues.apache.org/jira/browse/ARTEMIS-5928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18062537#comment-18062537
]
Justin Bertram commented on ARTEMIS-5928:
-----------------------------------------
Commit 521e672e4108675806d748158444ce23f9ef76ca in artemis's branch
refs/heads/2.52.x from Justin Bertram
[ https://gitbox.apache.org/repos/asf?p=artemis.git;h=521e672e41 ]
ARTEMIS-5928 Refactor federation downstream packet handling
This commit includes the following changes:
- Separate the handling of federation downstream connect packets into
its own handler
- Add a new config parameter
- Disambiguate existing Core federation logging
- Add new logging for each possible outcome when handling these packets
- Add tests
- Add docs
> Refactor federation downstream packet handling
> ----------------------------------------------
>
> Key: ARTEMIS-5928
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5928
> Project: Artemis
> Issue Type: Bug
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Critical
> Fix For: 2.52.0
>
>
> An unauthenticated remote attacker can use the Core protocol to force a
> target broker to establish an outbound Core federation connection to an
> attacker-controlled rogue broker. This could potentially result in message
> injection into any queue and/or message exfiltration from any queue via the
> rogue broker. This impacts environments that allow both:
> * incoming Core protocol connections from untrusted sources to the broker
> * outgoing Core protocol connections from the broker to untrusted targets
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
