Apache · Apache Karaf · CVE-2018-11787
**Name of the Vulnerable Software and Affected Versions**
Apache Karaf versions prior to 3.0.9
Apache Karaf versions prior to 4.0.9
Apache Karaf versions prior to 4.1.1
**Description**
The issue affects the webconsole feature in Apache Karaf, specifically the Gogo shell/console. When the Pax Web Extender Whiteboard is installed, the Gogo console becomes accessible at an unsecured URL, allowing unauthenticated users to access the Karaf console.
**Recommendations**
For affected Apache Karaf versions (prior to 3.0.9, prior to 4.0.9, and prior to 4.1.1), consider stopping or uninstalling the Gogo plugin bundle to mitigate the issue, although this will remove the console from the .../system/console application.
As an alternative, stopping or uninstalling the Pax Web Extender Whiteboard can also mitigate the issue, but this may reduce or compromise the functionality of other components or applications that require it.
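An added example, not part of the advisory or the Karaf project: a small audit helper that combines the affected-version list with the state of the two bundles named above, read from the output of Karaf's `bundle:list` command. Assumptions: the bundle display names and table layout in the constructed sample, the per-release-line reading of the version list, and the helper names `is_affected`, `bundle_states` and `assess`.

```python
import re

# Fixed release per release line, taken from the advisory's version list.
FIXED = {(3, 0): (3, 0, 9), (4, 0): (4, 0, 9), (4, 1): (4, 1, 1)}

# Constructed sample in the table layout of `bundle:list` (not real output;
# bundle display names and versions are assumptions).
SAMPLE = """\
 ID | State    | Lvl | Version | Name
----+----------+-----+---------+--------------------------------------------
 88 | Active   |  80 | 4.3.0   | OPS4J Pax Web - Extender - Whiteboard
102 | Active   |  80 | 4.0.8   | Apache Karaf :: Web Console :: Gogo Plugin
"""

def is_affected(version):
    """Assumed per-line reading of 'prior to 3.0.9 / 4.0.9 / 4.1.1'."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3])
    nums += (0,) * (3 - len(nums))
    fixed = FIXED.get(nums[:2])
    # Lines without their own fix fall back to the numeric 'prior to 4.1.1'.
    return nums < (fixed or (4, 1, 1))

def bundle_states(listing):
    """Map 'gogo' / 'whiteboard' to the State column of the matching row."""
    found = {}
    for row in listing.splitlines():
        cols = [c.strip() for c in re.split(r"[|│]", row, maxsplit=4)]
        if len(cols) < 5 or not cols[0].isdigit():
            continue  # header, separator or blank line
        name = cols[4].lower()
        if "gogo" in name and "plugin" in name:
            found["gogo"] = cols[1]
        elif "extender" in name and "whiteboard" in name:
            found["whiteboard"] = cols[1]
    return found

def assess(karaf_version, listing):
    """Return 'patched', 'exposed' or 'mitigated' for one Karaf instance."""
    if not is_affected(karaf_version):
        return "patched"
    states = bundle_states(listing)
    # The page ties exposure to both bundles being present and running.
    if states.get("gogo") == "Active" and states.get("whiteboard") == "Active":
        return "exposed"
    return "mitigated"

if __name__ == "__main__":
    print(assess("4.0.8", SAMPLE))
```

A "mitigated" result means one of the two bundles is stopped or absent on an affected version, which matches the workarounds above but not a fixed release.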