Description
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.
Statement
Red Hat CodeReady Studio 12 is not affected by this flaw as it does not ship the vulnerable component of wildfly.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat CodeReady Studio 12 | wildfly-core | Not affected | ||
| Red Hat JBoss Data Grid 7 | wildfly-core | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | jboss-as-controller | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | jboss-as-controller | Out of support scope | ||
| Red Hat JBoss Fuse 6 | wildfly-core | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | jboss-as-controller | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | jboss-as-controller | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | wildfly-core | Out of support scope | ||
| EAP 7.3.9 release | wildfly-core | Fixed | RHSA-2021:3471 | 08.09.2021 |
| EAP 7.4.1 release | | Fixed | RHSA-2021:3660 | 23.09.2021 |
Additional information
CVSS3: 3.3 Low
Related vulnerabilities
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
A vulnerability in the wildfly-core software package of the WildFly Java application server that allows an attacker to affect the confidentiality and integrity of protected information