CNNVD-202510-2808 Information
CNNVD ID
CNNVD-202510-2808
Related CVE
- CNNVD Published: 2025-10-22
Description (Chinese)
Red Hat AMQ Broker是美国红帽(Red Hat)公司的一个纯 Java 多协议消息代理。它建立在高效的异步核心之上,具有用于消息持久性的快速本机日志和用于高可用性的无共享状态复制选项。 Red Hat AMQ Broker存在安全漏洞,该漏洞源于/etc/passwd文件在构建时被创建为组可写权限,可能导致权限提升。
Description (English)
Red Hat AMQ Broker is a pure Java multi-agreement news agent for Red Hat. It is based on an efficient walk core, with a fast home log for message durability and no shared copy options for high availability. Red Hat AMQ Broker has a security loophole, which stems from the creation of /etc/passwd files as group write permissions at the time of construction, which may lead to an increase in permissions.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
红帽
Published
2025-10-22
Last Modified
2026-02-24
References
https://access.redhat.com/errata/RHSA-2025:17562 https://access.redhat.com/security/cve/CVE-2025-58712 https://bugzilla.redhat.com/show_bug.cgi?id=2394418
Patch
https://access.redhat.com/products/red-hat-amq
Share on: