WARNING: High-risk vulnerability in Openfire XMPP server
Openfire's administrative console is vulnerable to a path traversal attack via the setup environment. This permits an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users.
The vulnerability has a HIGH impact on Confidentiality. Privileges, authentication, and user interaction are not required to exploit this vulnerability.
CVE-2023-32315 - Administration Console authentication bypass
Openfire's API defines a mechanism for certain URLs to be excluded from web authentication. This mechanism allows for wildcards to be used, to allow for flexible URL pattern matching.
Path traversal protections were already in place, but they did not defend against certain non-standard URL encodings of UTF-16 characters.
The combination of wildcard pattern matching and this path traversal weakness allows a malicious user to bypass authentication requirements and access Admin Console pages.
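The following is an added illustration of the defensive check the advisory implies, not Openfire's code and not part of the CCB advisory: the request path is fully decoded (standard percent-encoding and the non-standard `%uXXXX` UTF-16 form) and has its dot segments resolved before it is compared with the list of URL prefixes that skip authentication. The `/setup/` prefix, the `%uXXXX` form and the `/restricted/` page are assumptions for illustration only.

```python
import re
from urllib.parse import unquote

# Assumed exclusion list: URL prefixes that skip web authentication.
# Openfire's real list is not reproduced here.
UNAUTHENTICATED_PREFIXES = ("/setup/",)

# Non-standard %uXXXX encoding of a UTF-16 code unit (assumed form).
_NONSTANDARD_U = re.compile(r"%[uU]([0-9a-fA-F]{4})")


def _decode_once(path: str) -> str:
    # Decode %uXXXX first, then ordinary %XX. Standard decoders leave
    # %uXXXX untouched, which is the kind of gap the advisory describes.
    path = _NONSTANDARD_U.sub(lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)


def canonicalize(path: str, max_rounds: int = 3) -> str:
    # Decode until stable (defeats double encoding), then resolve "." and
    # ".." so the path compared with the exclusion list is the path that
    # would actually be served.
    for _ in range(max_rounds):
        decoded = _decode_once(path)
        if decoded == path:
            break
        path = decoded
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    result = "/" + "/".join(out)
    if path.endswith("/") and out:
        result += "/"
    return result


def raw_prefix_match(raw_path: str) -> bool:
    # The flawed pattern: match exclusions against the raw request path.
    return any(raw_path.startswith(p) for p in UNAUTHENTICATED_PREFIXES)


def is_exempt_from_auth(raw_path: str) -> bool:
    # Hardened check: match exclusions against the canonical path only, so a
    # request that escapes the setup area cannot inherit its exemption.
    canon = canonicalize(raw_path)
    return any(canon.startswith(p) for p in UNAUTHENTICATED_PREFIXES)
```

A path that starts with `/setup/` on the wire but canonicalizes to `/restricted/...` is exempt under `raw_prefix_match` and correctly rejected by `is_exempt_from_auth`.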
The Centre for Cyber Security Belgium strongly recommends that system administrators visit Openfire's release pages to download and install the patched versions of this software.
Openfire version 4.7.5: https://igniterealtime.org/downloads/#openfire
Openfire version 4.6.8: https://github.com/igniterealtime/Openfire/releases/tag/v4.6.8