CVE-2023-32315: Administration Console authentication bypass in openfire xmppserver
An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community.
References
- github.com/advisories/GHSA-gw42-f939-fhvm
- github.com/igniterealtime/Openfire
- github.com/igniterealtime/Openfire/commit/2ac00a1ff42f5d3547ef58e21f8cdec992bfcf97
- github.com/igniterealtime/Openfire/commit/71f3def2adeaac62729cf544b645c6819c3d9868
- github.com/igniterealtime/Openfire/commit/a3b5ebd5032ff7be9d3ada5bf52bea2df96ec881
- github.com/igniterealtime/Openfire/releases/tag/v4.6.8
- github.com/igniterealtime/Openfire/releases/tag/v4.7.5
- github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm
- igniterealtime.atlassian.net/browse/OF-2595
- nvd.nist.gov/vuln/detail/CVE-2023-32315
- www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32315