The RMI interface did not require authentication for calls to ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
MITRE Information
Status: PUBLISHED
Assigner: OX
Published: 2023-11-02T13:01:20.424Z
Updated: 2024-01-12T07:09:24.702Z
Reserved: 2023-02-22T20:42:56.092Z
Link: CVE-2023-26455
NVD Information
Status: Modified
Published: 2023-11-02T14:15:10.873
Modified: 2024-01-12T08:15:42.813
Link: CVE-2023-26455