Apache Artemis and Apache ActiveMQ Artemis Missing Authentication Vulnerability in Core Federation Connections

Vulnerability

A missing-authentication-for-critical-function vulnerability has been identified in Apache Artemis and Apache ActiveMQ Artemis. It affects Apache Artemis versions 2.50.0 through 2.51.0 and Apache ActiveMQ Artemis versions 2.11.0 through 2.44.0. An unauthenticated remote attacker who can open a Core protocol connection to the broker can manipulate that protocol so that the target broker establishes an outbound Core federation connection to a rogue broker under the attacker's control. Through that federation link the attacker can inject messages into any queue on the target broker and exfiltrate messages from any queue. Exploitation therefore requires two conditions to hold: the broker accepts incoming Core protocol connections from untrusted sources, and the broker is able to make outgoing Core protocol connections to untrusted targets (the rogue broker).

Impact

Exploitation of this vulnerability could result in unauthorized message injection or exfiltration through an attacker-controlled broker, bypassing normal authentication mechanisms.

Remediation

Users of either affected line are advised to upgrade to Apache Artemis version 2.52.0, which fixes this issue. Where an upgrade is not immediately possible, two mitigations are available. First, Core protocol support can be removed from any acceptor that receives connections from untrusted sources: by default the 'artemis' acceptor on port 61616 accepts Core connections, and the set of protocols an acceptor accepts is controlled by the 'protocols' URL parameter of that acceptor in broker.xml (an acceptor with no 'protocols' parameter accepts every protocol, Core included). Note that Core clients, as well as broker-to-broker cluster, bridge and federation connections, also use the Core protocol, so those should be moved to a separate acceptor reachable only from trusted peers. Second, two-way SSL (certificate-based client authentication) can be enabled on the acceptor so that a client must present a valid certificate before any messaging protocol handshake begins, which prevents an unauthenticated attacker from reaching the vulnerable code path.
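The following is an added example, not code from the Artemis project or from the original advisory. It audits the acceptors in a broker.xml for the exposure described above: an acceptor is reported as exposed when it accepts the Core protocol (explicitly, or implicitly because the 'protocols' parameter is absent) without requiring client certificates via 'sslEnabled=true;needClientAuth=true'. The broker.xml fragment is constructed for the example; its acceptor names other than the default 'artemis', and the keystore paths and passwords, are placeholders.

```python
"""Audit Apache Artemis / ActiveMQ Artemis acceptors for unauthenticated Core access.

Added example (not project code). It parses the acceptor URLs in a broker.xml
fragment and flags acceptors that would let an unauthenticated remote client
speak the Core protocol, which is the precondition for the federation attack.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed broker.xml fragment. 'artemis' mirrors the stock default acceptor
# (Core enabled, no client-cert auth). 'amqp-only' and 'mtls' show the two
# mitigations; 'legacy' has no 'protocols' parameter, so it accepts everything.
# Keystore paths, passwords and non-default acceptor names are placeholders.
BROKER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <acceptors>
      <acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true</acceptor>
      <acceptor name="amqp-only">tcp://0.0.0.0:61617?protocols=AMQP,MQTT,STOMP</acceptor>
      <acceptor name="mtls">tcp://0.0.0.0:61618?sslEnabled=true;keyStorePath=/var/lib/artemis/etc/broker.p12;keyStorePassword=changeit;trustStorePath=/var/lib/artemis/etc/trust.p12;trustStorePassword=changeit;needClientAuth=true;protocols=CORE</acceptor>
      <acceptor name="legacy">tcp://0.0.0.0:5445</acceptor>
    </acceptors>
  </core>
</configuration>
"""


def parse_acceptor(url: str) -> dict:
    """Split an acceptor URL into host, port and its ';'-separated parameters.

    Artemis acceptor URLs use ';' rather than '&' between parameters, so the
    query string is split by hand instead of with urllib.parse.parse_qs.
    """
    parts = urlsplit(url)
    params = {}
    for item in filter(None, parts.query.split(";")):
        key, _, value = item.partition("=")
        params[key.strip()] = value.strip()
    return {"host": parts.hostname, "port": parts.port, "params": params}


def accepts_core(params: dict) -> bool:
    """True if the acceptor speaks Core. A missing 'protocols' means all protocols."""
    protocols = params.get("protocols")
    if protocols is None:
        return True
    return "CORE" in {p.strip().upper() for p in protocols.split(",")}


def requires_client_cert(params: dict) -> bool:
    """True if two-way SSL is on: TLS enabled and a client certificate demanded."""
    return (params.get("sslEnabled", "").lower() == "true"
            and params.get("needClientAuth", "").lower() == "true")


def audit(broker_xml: str) -> list:
    """Return one finding per <acceptor>, namespace-agnostic on the element tag."""
    root = ET.fromstring(broker_xml)
    findings = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "acceptor":
            continue
        info = parse_acceptor((el.text or "").strip())
        params = info["params"]
        core = accepts_core(params)
        client_cert = requires_client_cert(params)
        findings.append({
            "name": el.get("name"),
            "host": info["host"],
            "port": info["port"],
            "core": core,
            "client_cert": client_cert,
            # Exposed: unauthenticated clients can start a Core handshake.
            "exposed": core and not client_cert,
        })
    return findings


if __name__ == "__main__":
    for f in audit(BROKER_XML):
        status = "EXPOSED" if f["exposed"] else "ok"
        print(f"{f['name']:<10} {f['host']}:{f['port']:<6} core={f['core']!s:<5} "
              f"clientCert={f['client_cert']!s:<5} {status}")
```

Run against a real broker.xml by reading the file into the string passed to audit(). An acceptor bound to a loopback or management-only interface may be acceptable even when flagged; the script reports the bind address so that judgement can be made per acceptor.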

Added: Mar 4, 2026, 9:19 AM
Updated: Mar 4, 2026, 9:19 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.6
exploitability: 7.0
remediation: 7.9
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.