CVE-2020-13932 - Vulnerability Details - OpenCVE

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Activemq Artemis
Redhat	Amq Broker

Configuration 1 [-]

cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat AMQ
mqtt-client	cpe:/a:redhat:amq_broker:7	RHSA-2020:5365	2020-12-08T00:00:00Z

References

Link	Providers
https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13932
https://www.cve.org/CVERecord?id=CVE-2020-13932

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-07-20T21:08:34

Updated: 2024-08-04T12:32:14.247Z

Reserved: 2020-06-08T00:00:00

Link: CVE-2020-13932

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-20T22:15:11.747

Modified: 2024-11-21T05:02:10.463

Link: CVE-2020-13932

Redhat

Severity : Moderate

Publid Date: 2020-07-20T00:00:00Z

Links: CVE-2020-13932 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Apache ActiveMQ Artemis", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache ActiveMQ Artemis 2.5.0 to 2.13.0"}]}], "descriptions": [{"lang": "en", "value": "In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section."}], "problemTypes": [{"descriptions": [{"description": "Remote XSS in Web console Diagram Plugin", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-27T18:06:18", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt"}, {"name": "[activemq-users] 20200721 Re: [ANNOUNCE] CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2020-13932", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache ActiveMQ Artemis", "version": {"version_data": [{"version_value": "Apache ActiveMQ Artemis 2.5.0 to 2.13.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote XSS in Web console Diagram Plugin"}]}]}, "references": {"reference_data": [{"name": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt", "refsource": "MISC", "url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt"}, {"name": "[activemq-users] 20200721 Re: [ANNOUNCE] CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb@%3Cusers.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.247Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt"}, {"name": "[activemq-users] 20200721 Re: [ANNOUNCE] CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-13932", "datePublished": "2020-07-20T21:08:34", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.247Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9AFDE5C-5B76-4560-B5DD-FF60841EC26D", "versionEndIncluding": "2.13.0", "versionStartIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section."}, {"lang": "es", "value": "En Apache ActiveMQ Artemis versiones 2.5.0 hasta 2.13.0, un paquete MQTT especialmente dise\u00f1ado que presenta una carga \u00fatil XSS como id del cliente o nombre de tema puede explotar esta vulnerabilidad. La carga \u00fatil de XSS est\u00e1 siendo inyectada en el navegador de la consola de administraci\u00f3n. La carga \u00fatil XSS es activada en el plugin diagram; nodo queue y la secci\u00f3n info"}], "id": "CVE-2020-13932", "lastModified": "2024-11-21T05:02:10.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-20T22:15:11.747", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:5365", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "mqtt-client", "product_name": "Red Hat AMQ", "release_date": "2020-12-08T00:00:00Z"}], "bugzilla": {"description": "activemq: remote XSS in web console diagram plugin", "id": "1858946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858946"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.", "A flaw was found in activemq. A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section."], "name": "CVE-2020-13932", "package_state": [{"cpe": "cpe:/a:redhat:jboss_dev_studio:11.", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "JBoss Developer Studio 11"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Not affected", "package_name": "activemq", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "activemq", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "activemq-artemis", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "activemq-artemis", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "eap7-activemq-artemis", "product_name": "Red Hat Virtualization 4"}], "public_date": "2020-07-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13932\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13932"], "threat_severity": "Moderate", "upstream_fix": "Apache ActiveMQ Artemis 2.14.0"}