Any plans to address CVE-2024-25420 & CVE-2024-25421?

Dylan_G · October 21, 2024, 5:59pm

NVD - CVE-2024-25420
Description: An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

NVD - CVE-2024-25421
Description: An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.

Openfire CVEs explained (CVE-2024-25420 & CVE-2024-25421)

akrherz · October 21, 2024, 6:29pm

Thanks, I have filed them here

https://igniterealtime.atlassian.net/browse/OF-2894

https://igniterealtime.atlassian.net/browse/OF-2895

guus · February 12, 2025, 1:57pm

Both of these issues have been resolved in Openfire 4.8.1.