Posted to commits@activemq.apache.org by gi...@apache.org on 2021/02/08 05:14:45 UTC
[activemq-website] branch asf-site updated: Automatic Site Publish
by Buildbot
This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new a424318 Automatic Site Publish by Buildbot
a424318 is described below
commit a42431827d0698b8bd797d77f71977e758262a63
Author: buildbot <us...@infra.apache.org>
AuthorDate: Mon Feb 8 05:14:40 2021 +0000
Automatic Site Publish by Buildbot
---
output/components/classic/security.html | 3 ++-
.../CVE-2020-13947-announcement.txt | 23 ++++++++++++++++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/output/components/classic/security.html b/output/components/classic/security.html
index 31bca73..dc0391a 100644
--- a/output/components/classic/security.html
+++ b/output/components/classic/security.html
@@ -98,8 +98,9 @@
<ul>
<li><a href="../../security-advisories.data/CVE-2021-26117-announcement.txt">CVE-2021-26117</a> - ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind</li>
- <li><a href="../../security-advisories.data/CVE-2020-11998-announcement.txt">CVE-2020-11998</a> - JMX remote client could execute arbitrary code</li>
+ <li><a href="../../security-advisories.data/CVE-2020-13947-announcement.txt">CVE-2020-13947</a> - XSS in WebConsole</li>
<li><a href="../../security-advisories.data/CVE-2020-13920-announcement.txt">CVE-2020-13920</a> - JMX MITM vulnerability</li>
+ <li><a href="../../security-advisories.data/CVE-2020-11998-announcement.txt">CVE-2020-11998</a> - JMX remote client could execute arbitrary code</li>
<li><a href="../../security-advisories.data/CVE-2020-1941-announcement.txt">CVE-2020-1941</a> - XSS in WebConsole</li>
<li><a href="../../security-advisories.data/CVE-2019-0222-announcement.txt">CVE-2019-0222</a> - Corrupt MQTT frame can cause broker shutdown</li>
<li><a href="../../security-advisories.data/CVE-2018-8006-announcement.txt">CVE-2018-8006</a> - ActiveMQ Web Console - Cross-Site Scripting</li>
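Review bot: The added CVE-2020-13947 entry has the same link description as the existing CVE-2020-1941 entry two lines below it ("XSS in WebConsole"), so readers can tell the two advisories apart only by CVE number. Consider naming the affected page in the list text, as the announcement itself does, for example "XSS in WebConsole (message.jsp)". Moving CVE-2020-11998 below CVE-2020-13920 keeps the list in descending CVE order and looks correct.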
diff --git a/output/security-advisories.data/CVE-2020-13947-announcement.txt b/output/security-advisories.data/CVE-2020-13947-announcement.txt
new file mode 100644
index 0000000..f91ff8a
--- /dev/null
+++ b/output/security-advisories.data/CVE-2020-13947-announcement.txt
@@ -0,0 +1,23 @@
+CVE-2020-13947 - XSS in WebConsole
+
+Severity: Medium
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ prior to 5.15.12 and 5.16.0
+
+Description:
+An instance of a cross-site scripting
+vulnerability was identified to be present in the web based
+administration console on the message.jsp page of Apache ActiveMQ
+versions 5.15.12 to 5.16.0.
+
+Mitigation:
+Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
+
+Credit:
+This issue was discovery by:
+
+* qiang qiang <si...@gmail.com>
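Review bot: The version ranges in the new announcement do not agree with each other: "Versions Affected" says "prior to 5.15.12 and 5.16.0", the Description says "versions 5.15.12 to 5.16.0", and the Mitigation says to upgrade to at least 5.15.13 or 5.16.1. If 5.15.13 and 5.16.1 are the first fixed releases, then 5.15.12 and 5.16.0 are themselves affected, and an operator who reads only the "Versions Affected" line could conclude that a 5.15.12 or 5.16.0 broker needs no upgrade. Suggest stating a single affected range in both places, consistent with the Mitigation line. In the Credit block, "This issue was discovery by:" should read "discovered by".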