CVE-2022-24721: CWE-863: Incorrect Authorization in cometd cometd
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other users' data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing on Oort and Seti channels by remote, non-Oort sessions.
AI Analysis
Technical Summary
CVE-2022-24721 is a medium-severity vulnerability affecting the CometD project, a scalable comet implementation used for web messaging. The vulnerability arises from incorrect authorization (CWE-863) in the handling of internal Oort and Seti channels in CometD versions prior to 5.0.11, 6.0.6, and 7.0.6. These channels are intended for internal cluster communication and should not be accessible to remote users. However, due to improper authorization checks, any remote user can subscribe to and publish messages on these channels. Subscribing to these channels allows an attacker to eavesdrop on cluster-internal traffic, potentially exposing sensitive data belonging to other users. Publishing to these channels enables an attacker to create, modify, or delete data of other users and alter the cluster structure, which could disrupt service integrity and availability. The vulnerability does not require authentication or user interaction, making exploitation relatively straightforward for any remote user with network access to the CometD service. The issue is addressed in CometD versions 5.0.11, 6.0.6, and 7.0.6. As an interim mitigation, deploying a custom SecurityPolicy that restricts subscription and publishing rights on Oort and Seti channels for remote, non-Oort sessions is recommended. No known exploits have been reported in the wild as of the published date in March 2022.
Potential Impact
For European organizations using vulnerable versions of CometD, this vulnerability poses significant risks to confidentiality, integrity, and availability of internal cluster communications. Confidentiality is compromised as attackers can intercept sensitive data exchanged within the cluster. Integrity is at risk because attackers can manipulate or delete data belonging to other users and alter the cluster topology, potentially causing service disruptions or unauthorized data modifications. Availability could be affected if the cluster structure is destabilized. Organizations relying on CometD for real-time messaging in critical applications such as financial services, telecommunications, or industrial control systems may face operational disruptions and data breaches. The lack of authentication requirement and ease of exploitation increase the threat level, especially in environments where CometD services are exposed to untrusted networks or insufficiently segmented internal networks. This vulnerability could also facilitate lateral movement within compromised networks, amplifying the impact of initial breaches.
Mitigation Recommendations
1. Upgrade CometD to the fixed versions 5.0.11, 6.0.6, or 7.0.6 as soon as possible to fully remediate the vulnerability.
2. Until patching is feasible, implement a custom SecurityPolicy that explicitly forbids subscription and publishing to Oort and Seti channels from remote, non-Oort sessions to prevent unauthorized access.
3. Restrict network access to CometD services by enforcing strict firewall rules and network segmentation, limiting exposure to trusted internal hosts only.
4. Monitor CometD logs for unusual subscription or publishing activity on Oort and Seti channels, which may indicate exploitation attempts.
5. Conduct regular security assessments and penetration tests targeting CometD deployments to identify and remediate any residual authorization weaknesses.
6. Educate development and operations teams about secure configuration of CometD and the importance of timely patching for messaging infrastructure.
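The interim workaround in recommendation 2, written out as a server-side SecurityPolicy. This is an added example, not CometD's own code or the upstream fix; it assumes the standard DefaultSecurityPolicy/ServerChannel API and that Oort.isOort(ServerSession) identifies sessions handshaken by other Oort nodes.

```java
import org.cometd.bayeux.ChannelId;
import org.cometd.bayeux.server.BayeuxServer;
import org.cometd.bayeux.server.ServerChannel;
import org.cometd.bayeux.server.ServerMessage;
import org.cometd.bayeux.server.ServerSession;
import org.cometd.oort.Oort;
import org.cometd.server.DefaultSecurityPolicy;

/**
 * Workaround policy for CVE-2022-24721: only local (server-side) sessions and
 * Oort comet sessions may subscribe or publish on the cluster-internal
 * /oort/** and /seti/** channels. All other channels keep the default rules.
 */
public class OortSetiSecurityPolicy extends DefaultSecurityPolicy {
    private final Oort oort;

    public OortSetiSecurityPolicy(Oort oort) {
        this.oort = oort;
    }

    /** True for /oort..., /seti... and for a root-level wildcard (/* or /**) that would cover them. */
    static boolean isClusterInternal(ServerChannel channel) {
        ChannelId id = channel.getChannelId();
        String root = id.getSegment(0);
        if ("oort".equals(root) || "seti".equals(root)) {
            return true;
        }
        // A subscription to "/*" or "/**" would also deliver cluster traffic.
        return id.isWild() && id.depth() == 1;
    }

    /** Sessions that legitimately take part in cluster traffic. */
    private boolean isTrusted(ServerSession session) {
        // Assumption: Oort.isOort(ServerSession) marks remote Oort comet sessions.
        return session != null && (session.isLocalSession() || oort.isOort(session));
    }

    @Override
    public boolean canSubscribe(BayeuxServer server, ServerSession session,
                                ServerChannel channel, ServerMessage message) {
        if (isClusterInternal(channel) && !isTrusted(session)) {
            return false; // deny; CometD replies with an unsuccessful /meta/subscribe
        }
        return super.canSubscribe(server, session, channel, message);
    }

    @Override
    public boolean canPublish(BayeuxServer server, ServerSession session,
                              ServerChannel channel, ServerMessage message) {
        if (isClusterInternal(channel) && !isTrusted(session)) {
            return false;
        }
        return super.canPublish(server, session, channel, message);
    }
}
```

Install it once Oort has been created, with bayeuxServer.setSecurityPolicy(new OortSetiSecurityPolicy(oort)), so the checks apply to every later subscribe and publish; denied attempts are a useful signal for the log monitoring in recommendation 4.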
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-02-10T00:00:00.000Z
- CISA Enriched: true