Vulnerabilities > CVE-2023-31826 - Missing Authorization vulnerability in Skyscreamer Nevado JMS 1.3.2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

skyscreamer

CWE-862

NVD

Published: 2023-05-23

Updated: 2024-11-21

Summary

Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.

Vulnerable Configurations

Part	Description	Count
Application	Skyscreamer Skyscreamer Nevado JMS 1.3.2	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://nevado.skyscreamer.org/
https://github.com/skyscreamer/nevado/issues/121
https://github.com/skyscreamer/nevado/releases
https://novysodope.github.io/2023/04/01/95/
http://nevado.skyscreamer.org/
https://novysodope.github.io/2023/04/01/95/
https://github.com/skyscreamer/nevado/releases
https://github.com/skyscreamer/nevado/issues/121