PT-2023-23593 · Unknown · Vert.X Stomp

Navidmitchell · Published 2023-05-12 · Updated 2023-05-24 · CVE-2023-32081

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Vert.x STOMP versions 3.1.0 through 3.9.16
Vert.x STOMP versions 4.0.0 through 4.4.2

Description
The Vert.x STOMP server processes client STOMP frames without checking that the client first sent a CONNECT frame to which the server replied with a successful CONNECTED frame. As a result, a client can subscribe to a destination or publish a message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted.

Recommendations
For versions 3.1.0 through 3.9.15, update to version 3.9.16. For versions 4.0.0 through 4.4.1, update to version 4.4.2.
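The defect described above is a missing per-connection state check: the server must only act on SUBSCRIBE and SEND after a CONNECT has been answered with CONNECTED. The following is an added illustration, not Vert.x code: a minimal STOMP frame parser plus a server-side session that can run either with the check disabled (reproducing the bug class) or enabled (the hardened behaviour). The credentials, destinations and frame stream are constructed sample data.

```python
"""Minimal STOMP frame parsing and a per-connection state machine.

Added example (not Vert.x code). It shows why accepting SUBSCRIBE/SEND
before an authenticated CONNECT/CONNECTED handshake is a problem and
how a server-side state check closes it.
"""
import hmac
from dataclasses import dataclass, field

NUL = "\x00"  # STOMP frames are terminated by a NUL octet

# Constructed credential store: login -> passcode (assumption for the demo).
CREDENTIALS = {"alice": "s3cret"}


@dataclass
class Frame:
    command: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_frames(raw: str) -> list:
    """Split a STOMP stream (as text) into Frame objects."""
    frames = []
    for chunk in raw.split(NUL):
        chunk = chunk.lstrip("\r\n")  # heartbeats / EOLs between frames
        if not chunk:
            continue
        head, _, body = chunk.partition("\n\n")
        lines = head.split("\n")
        headers = {}
        for line in lines[1:]:
            if ":" in line:
                key, value = line.split(":", 1)
                # STOMP 1.2: the first occurrence of a repeated header wins.
                headers.setdefault(key.strip(), value.strip())
        frames.append(Frame(lines[0].strip(), headers, body))
    return frames


def serialize(frame: Frame) -> str:
    """Encode a Frame back into wire format."""
    hdrs = "".join(f"{k}:{v}\n" for k, v in frame.headers.items())
    return f"{frame.command}\n{hdrs}\n{frame.body}{NUL}"


class StompSession:
    """Server-side view of a single client connection."""

    def __init__(self, credentials: dict, enforce_connect: bool = True):
        self.credentials = credentials
        self.enforce_connect = enforce_connect  # False reproduces the bug class
        self.authenticated = False
        self.subscriptions = {}   # subscription id -> destination
        self.delivered = []       # (destination, body) accepted for publication
        self.replies = []         # frames the server would send back

    def handle(self, frame: Frame) -> None:
        if frame.command in ("CONNECT", "STOMP"):
            expected = self.credentials.get(frame.headers.get("login"))
            supplied = frame.headers.get("passcode", "")
            if expected is not None and hmac.compare_digest(expected, supplied):
                self.authenticated = True
                self.replies.append(Frame("CONNECTED", {"version": "1.2"}))
            else:
                self.replies.append(Frame("ERROR", {"message": "authentication failed"}))
            return
        if self.enforce_connect and not self.authenticated:
            # Hardened path: no successful CONNECT/CONNECTED yet, refuse the frame.
            self.replies.append(Frame("ERROR", {"message": "not connected"}))
            return
        if frame.command == "SUBSCRIBE":
            self.subscriptions[frame.headers["id"]] = frame.headers["destination"]
        elif frame.command == "SEND":
            self.delivered.append((frame.headers["destination"], frame.body))
        elif frame.command == "DISCONNECT":
            self.authenticated = False
        else:
            self.replies.append(Frame("ERROR", {"message": "unknown command"}))


# Constructed client stream: SUBSCRIBE and SEND arrive before any CONNECT,
# then a failed CONNECT, a successful CONNECT, and a legitimate SEND.
SAMPLE_STREAM = (
    "SUBSCRIBE\nid:0\ndestination:/queue/orders\n\n" + NUL
    + "SEND\ndestination:/queue/orders\n\nunauthenticated" + NUL
    + "CONNECT\naccept-version:1.2\nlogin:alice\npasscode:wrong\n\n" + NUL
    + "CONNECT\naccept-version:1.2\nlogin:alice\npasscode:s3cret\n\n" + NUL
    + "SEND\ndestination:/queue/orders\n\nauthenticated" + NUL
)


def run(stream: str, enforce_connect: bool) -> StompSession:
    """Feed a whole stream through one session and return its final state."""
    session = StompSession(CREDENTIALS, enforce_connect)
    for frame in parse_frames(stream):
        session.handle(frame)
    return session


if __name__ == "__main__":
    for mode in (False, True):
        s = run(SAMPLE_STREAM, enforce_connect=mode)
        print(f"enforce_connect={mode}: subscriptions={s.subscriptions} "
              f"delivered={[b for _, b in s.delivered]} "
              f"replies={[r.command for r in s.replies]}")
```

With `enforce_connect=False` the unauthenticated SUBSCRIBE and SEND are honoured silently, which is the behaviour this advisory describes; with the check enabled both are answered with an ERROR frame and only the SEND that follows the CONNECTED reply reaches the destination. The same gate applies to any command other than CONNECT/STOMP, which is why the check sits in one place before the per-command dispatch rather than inside each handler.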


Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2023-32081
GHSA-GVRQ-CG5R-7CHP

Affected Products

Vert.X Stomp