Описание
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | wildfly | Not affected | ||
| Red Hat CodeReady Studio 12 | wildfly | Will not fix | ||
| Red Hat Data Grid 8 | wildfly | Fix deferred | ||
| Red Hat Integration Camel K 1 | wildfly | Will not fix | ||
| Red Hat Integration Camel Quarkus 1 | wildfly | Will not fix | ||
| Red Hat Integration Service Registry | wildfly | Will not fix | ||
| Red Hat JBoss Data Grid 7 | wildfly | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge l ...
EPSS
7.8 High
CVSS3