- Description
- In Apache Karaf versions prior to 3.0.9, 4.0.9 and 4.1.1, when the webconsole feature is installed, the console is available at .../system/console and requires authentication to access. One part of the console is a Gogo shell/console that gives access to the Karaf command line via a web browser; it is available at .../system/console/gogo, and going directly to that URL also requires authentication. An optional bundle that some applications use, the Pax Web Extender Whiteboard, is part of the pax-war feature and perhaps others. When it is installed, the Gogo console also becomes available at another URL, .../gogo/, and that URL is not secured, giving unauthenticated users access to the Karaf console. A mitigation is to manually stop or uninstall the Gogo plugin bundle that is installed with the webconsole feature, although this also removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop or uninstall the Pax Web Extender Whiteboard, but other components or applications may require it, so their functionality would be reduced or broken.
- Source
- security@apache.org
- NVD status
- Modified
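The following probe is an added example and is not code from the advisory or from the Karaf project. It fetches the two paths the description names, the authenticated console page at .../system/console/gogo and the whiteboard alias at .../gogo/, without credentials, and reports whether the alias serves the console. It assumes a protected page answers an unauthenticated GET with 401 or 403; the host name and port used in the constructed sample responses are hypothetical, and treating a 200 whose body mentions "gogo" as the exposed console is a heuristic assumption.

```python
"""Probe a Karaf instance for the unauthenticated Gogo console alias.

Added example, not code from the advisory or the Karaf project. Assumes a
protected page answers an unauthenticated GET with 401/403 and that a 200
body containing "gogo" is the console page (heuristic assumption).
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# Paths named in the advisory.
PROTECTED_PATH = "/system/console/gogo"   # console page, should require auth
ALIAS_PATH = "/gogo/"                     # whiteboard alias, open when vulnerable

Fetcher = Callable[[str], Tuple[int, str]]   # url -> (status, body)


def http_get(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Unauthenticated GET; returns (status, body) instead of raising on 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "karaf-gogo-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status: int, body: str) -> str:
    """Map one response to auth_required / absent / console_exposed / other."""
    if status in (401, 403):
        return "auth_required"
    if status == 404:
        return "absent"
    if status == 200 and "gogo" in body.lower():
        return "console_exposed"
    return "other"


def check_instance(base_url: str, fetch: Fetcher = http_get) -> Dict[str, object]:
    """Fetch both paths without credentials and report whether the alias is open."""
    base = base_url.rstrip("/")
    report: Dict[str, object] = {
        "protected": classify(*fetch(base + PROTECTED_PATH)),
        "alias": classify(*fetch(base + ALIAS_PATH)),
    }
    report["vulnerable"] = report["alias"] == "console_exposed"
    return report


# Constructed sample responses (no network, hypothetical host) modelling a
# vulnerable instance: the console page demands credentials, the alias does not.
SAMPLE_RESPONSES = {
    "http://karaf.example:8181/system/console/gogo": (401, "Unauthorized"),
    "http://karaf.example:8181/gogo/": (200, "<html><script src='gogo.js'></script></html>"),
}


def sample_fetch(url: str) -> Tuple[int, str]:
    return SAMPLE_RESPONSES.get(url, (404, "Not Found"))


if __name__ == "__main__":
    print(check_instance("http://karaf.example:8181", sample_fetch))
    # Against a live host: print(check_instance("http://<host>:8181"))
```

If the alias reports `console_exposed`, the advisory's mitigation applies: from the Karaf shell, locate the webconsole Gogo plugin bundle with `bundle:list -s` and stop or uninstall it with `bundle:stop` / `bundle:uninstall`, accepting that the console disappears from .../system/console as well. Re-run the probe afterwards; a patched or mitigated instance should report the alias as `absent` or `auth_required`.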
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82165825-B96D-467A-A9D1-76F01443D630",
"versionEndExcluding": "3.0.9"
},
{
"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D4A4EB9-65E6-4F63-8DF6-6C03A9BFAF98",
"versionEndExcluding": "4.0.9",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D9108CB-DCB5-40DB-889C-26EDB0041342",
"versionEndExcluding": "4.1.1",
"versionStartIncluding": "4.1.0"
},
{
"criteria": "cpe:2.3:a:apache:karaf:4.0.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C7A0D73-11F9-430A-8E03-49D1E1301777"
},
{
"criteria": "cpe:2.3:a:apache:karaf:4.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37C8767D-D455-452F-B27E-C3A531F1C50F"
},
{
"criteria": "cpe:2.3:a:apache:karaf:4.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2A2C83C-6939-4E12-AF43-6932B58C584F"
}
],
"operator": "OR"
}
]
}
]
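As an added example (not NVD's or Karaf's own code), the script below evaluates an installed Karaf version against the applicability statement above. The match entries are copied from the configuration on this page with the matchCriteriaId values omitted. Two points are this script's own assumptions: a qualifier such as "M2" in a Karaf version string is mapped to the CPE update field "milestone2" and only matches the explicit milestone entries, never the numeric ranges; and nodes within one configuration are combined with AND while separate configurations are combined with OR.

```python
"""Check a Karaf version against the NVD cpeMatch entries on this page.

Added example, not NVD's or Karaf's own code. Milestone handling and the
AND-within-configuration / OR-across-configurations rule are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

KARAF_CPE = "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*"

# Copied from the page's configuration (matchCriteriaId omitted).
NVD_CONFIG = [{"nodes": [{"negate": False, "operator": "OR", "cpeMatch": [
    {"criteria": KARAF_CPE, "vulnerable": True, "versionEndExcluding": "3.0.9"},
    {"criteria": KARAF_CPE, "vulnerable": True, "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.0.9"},
    {"criteria": KARAF_CPE, "vulnerable": True, "versionStartIncluding": "4.1.0", "versionEndExcluding": "4.1.1"},
    {"criteria": "cpe:2.3:a:apache:karaf:4.0.0:milestone1:*:*:*:*:*:*", "vulnerable": True},
    {"criteria": "cpe:2.3:a:apache:karaf:4.0.0:milestone2:*:*:*:*:*:*", "vulnerable": True},
    {"criteria": "cpe:2.3:a:apache:karaf:4.0.0:milestone3:*:*:*:*:*:*", "vulnerable": True},
]}]}]

Version = Tuple[Tuple[int, int, int], Optional[str]]


def parse_version(text: str) -> Version:
    """'4.0.8' -> ((4, 0, 8), None); '4.0.0.M2' -> ((4, 0, 0), 'milestone2')."""
    nums: List[int] = []
    qualifier: Optional[str] = None
    for part in text.split("."):
        if part.isdigit():
            nums.append(int(part))
        else:
            m = re.fullmatch(r"[mM](\d+)", part)   # assumption: Mn is a milestone
            qualifier = f"milestone{m.group(1)}" if m else part.lower()
    nums = (nums + [0, 0, 0])[:3]               # pad so '4.1' compares as 4.1.0
    return (nums[0], nums[1], nums[2]), qualifier


def entry_matches(entry: Dict, version: Version) -> bool:
    """Apply one cpeMatch entry: exact version/update, or a numeric range."""
    nums, qualifier = version
    fields = entry["criteria"].split(":")     # cpe:2.3:part:vendor:product:version:update:...
    cpe_version, cpe_update = fields[5], fields[6]
    if cpe_version != "*":                    # explicit entry, e.g. 4.0.0 milestone2
        expected_update = None if cpe_update == "*" else cpe_update
        return parse_version(cpe_version)[0] == nums and expected_update == qualifier
    if qualifier is not None:                 # pre-release builds: explicit entries only
        return False
    start = entry.get("versionStartIncluding")
    end = entry.get("versionEndExcluding")
    if start and nums < parse_version(start)[0]:
        return False
    if end and nums >= parse_version(end)[0]:
        return False
    return True


def is_affected(version_text: str, config: List[Dict] = NVD_CONFIG) -> bool:
    """True if some configuration (all of its nodes) marks the version vulnerable."""
    version = parse_version(version_text)
    for configuration in config:
        node_results = []
        for node in configuration["nodes"]:
            hits = [entry_matches(e, version) and e["vulnerable"] for e in node["cpeMatch"]]
            combined = any(hits) if node["operator"] == "OR" else all(hits)
            node_results.append(combined != node["negate"])
        if node_results and all(node_results):
            return True
    return False


if __name__ == "__main__":
    for v in ("2.4.0", "3.0.8", "3.0.9", "4.0.0.M2", "4.0.8", "4.0.9", "4.1.0", "4.1.1"):
        print(v, is_affected(v))
```

The version to test comes from the running container (for example the Karaf version reported by the shell or in `etc/`), not from the web console, since the vulnerable alias only exists when both the webconsole feature and the Pax Web Extender Whiteboard are installed; a version in range is necessary, not sufficient, for exposure.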