Vulnerability Description
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Activemq Artemis | >= 2.5.0, <= 2.13.0 |
Related Weaknesses (CWE)
References
- https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcementVendor Advisory
- https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04
- https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737
- https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afcca
- https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcementVendor Advisory
- https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04
- https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737
- https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afcca
FAQ
What is CVE-2020-13932?
CVE-2020-13932 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into t...
How severe is CVE-2020-13932?
CVE-2020-13932 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13932?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Activemq Artemis.