[
https://issues.apache.org/jira/browse/ARTEMIS-5928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell updated ARTEMIS-5928:
------------------------------------
Summary: Refactor Core federation downstream packet handling (was:
Refactor federation downstream packet handling)
> Refactor Core federation downstream packet handling
> ---------------------------------------------------
>
> Key: ARTEMIS-5928
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5928
> Project: Artemis
> Issue Type: Bug
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Critical
> Fix For: 2.52.0
>
>
> An unauthenticated remote attacker can use the Core protocol to force a
> target broker to establish an outbound Core federation connection to an
> attacker-controlled rogue broker. This could potentially result in message
> injection into any queue and/or message exfiltration from any queue via the
> rogue broker. This impacts environments that allow both:
> * incoming Core protocol connections from untrusted sources to the broker
> * outgoing Core protocol connections from the broker to untrusted targets
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
