Description
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1825714
https://security.netapp.com/advisory/ntap-20201223-0002/
Related Vulnerabilities
CVE-2023-25166 Vulnerability in npm package @sideway/formula
CVE-2017-16008 Vulnerability in maven package org.webjars.bower:i18next
CVE-2020-1694 Vulnerability in npm package keycloak-connect
CVE-2023-46654 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2018-20594 Vulnerability in maven package org.hswebframework.web:hsweb-system-workflow-local