CVE-2020-10727

MEDIUM

ActiveMQ Artemis <2.12.0 - Info Disclosure

Title source: llm

Description

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1827200

[Permissions Required] https://issues.redhat.com/browse/ENTMQBR-3435

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210827-0001/

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 22.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-312

Status published

Affected Products (3)

apache/activemq_artemis < 2.12.0

netapp/oncommand_workflow_automation

org.apache.activemq/artemis-commons < 2.13.0Maven

Timeline

Published Jun 26, 2020

Tracked Since Feb 18, 2026