Thousands of Openfire XMPP servers remain unprotected against a recently disclosed flaw.
According to VulnCheck, the flaw is a path traversal vulnerability in the Openfire administrative console.
It was remediated by its developer, Ignite Realtime, earlier this May with the release of versions 4.6.8, 4.7.5, and 4.8.0.
The report also notes that the plugin system allows administrators to add, more or less, arbitrary functionality to Openfire via uploaded Java JARs.
Many of these servers remain vulnerable because they have not been updated to the latest version of the program, which includes protection against this new type of malicious XMLHttpRequest.
CVE-2023-32315 was originally reported in April.
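For defenders triaging an inventory against the fixed releases named above (4.6.8, 4.7.5 and 4.8.0), the following is an added example, not code from VulnCheck or Ignite Realtime. The hostnames and versions in the sample inventory are constructed, and treating branches older than 4.6 as needing an upgrade is an assumption, since the article names no fixed release for them.

```python
import re

# Fixed releases named in the article: 4.6.8, 4.7.5 and 4.8.0.
FIXED_PER_BRANCH = {(4, 6): 8, (4, 7): 5}
FIRST_FIXED_MAINLINE = (4, 8, 0)


def parse_version(text):
    """Return (major, minor, patch) from strings such as '4.7.4' or 'Openfire 4.6.7'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_text):
    """True if the version is at or above the fixed release for its branch."""
    version = parse_version(version_text)
    if version >= FIRST_FIXED_MAINLINE:
        return True
    branch = version[:2]
    if branch in FIXED_PER_BRANCH:
        return version[2] >= FIXED_PER_BRANCH[branch]
    # Assumption: the article lists no fixed release for branches older
    # than 4.6, so those are reported as needing an upgrade.
    return False


def triage(inventory):
    """Map each host to 'patched', 'needs upgrade' or 'unknown version'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "patched" if is_patched(version_text) else "needs upgrade"
        except ValueError:
            report[host] = "unknown version"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "xmpp-a.example": "4.7.4",
    "xmpp-b.example": "Openfire 4.6.8",
    "xmpp-c.example": "4.10.1",
    "xmpp-d.example": "3.10.3",
    "xmpp-e.example": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```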