Description
A flaw was found in WildFly Elytron 1.11.3.Final and earlier. When FORM authentication is used and the session ID is carried in the URL (typically as a `;jsessionid=` path parameter rather than a cookie), an attacker who can get a victim to follow a link containing an attacker-chosen session ID can perform a session fixation attack: the victim logs in under that fixed session ID, and the attacker, who already knows it, ends up holding an authenticated session for the victim. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
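The attack flow described above, as an added illustration that is not WildFly Elytron code: a toy in-memory FORM-login server that, like the vulnerable configuration, accepts a session ID from a `;jsessionid=` path parameter, next to two mitigations a practitioner would check for (ignoring URL-carried session IDs, and issuing a fresh session ID on successful login). The credential store, paths and class names are constructed for the demo.

```python
"""Model of a FORM-login session-fixation attack and its mitigations.

Added example, not WildFly Elytron code. The server keeps sessions in a dict,
resolves the session either from a cookie or (when configured) from a
';jsessionid=' path parameter, and marks the session authenticated after a
successful form login. Two switches model the vulnerable and hardened behaviour.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse

# Constructed credential store for the demo; not real users.
USERS = {"alice": "correct horse battery staple"}


@dataclass
class Session:
    user: Optional[str] = None  # None until FORM login succeeds


@dataclass
class Server:
    accept_url_session_id: bool    # vulnerable behaviour when True
    rotate_session_on_login: bool  # mitigation when True
    sessions: Dict[str, Session] = field(default_factory=dict)

    def _new_session(self) -> str:
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session()
        return sid

    def resolve_session(self, url: str, cookie_sid: Optional[str]) -> str:
        """Return the session ID the request runs under, creating one if needed."""
        if cookie_sid in self.sessions:
            return cookie_sid
        if self.accept_url_session_id:
            # urlparse() exposes the ';key=value' part of the last path
            # segment as .params, which is where jsessionid is carried.
            params = parse_qs(urlparse(url).params)
            sid = params.get("jsessionid", [None])[0]
            if sid in self.sessions:
                return sid  # attacker-chosen ID is adopted here
        return self._new_session()

    def form_login(self, url: str, cookie_sid: Optional[str],
                   username: str, password: str) -> str:
        """POST to the form login action; returns the session ID the client keeps."""
        sid = self.resolve_session(url, cookie_sid)
        if USERS.get(username) != password:
            return sid
        if self.rotate_session_on_login:
            # Discard the pre-authentication ID so an attacker who knows it
            # is left holding a dead, never-authenticated session.
            del self.sessions[sid]
            sid = self._new_session()
        self.sessions[sid].user = username
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        session = self.sessions.get(sid)
        return session.user if session else None


def run_fixation_attack(server: Server) -> Optional[str]:
    """Attacker fixes a session ID on the victim via a crafted link, then checks
    whether that ID is authenticated once the victim logs in.  Returns the user
    the attacker's ID resolves to (None means the attack failed)."""
    # Attacker obtains a valid but anonymous session ID from the server.
    attacker_sid = server.resolve_session("/app/", None)
    crafted_link = f"/app/login;jsessionid={attacker_sid}"
    # Victim follows the link with no cookie of their own and submits the form.
    server.form_login(crafted_link, None, "alice", USERS["alice"])
    return server.whoami(attacker_sid)


if __name__ == "__main__":
    vulnerable = Server(accept_url_session_id=True, rotate_session_on_login=False)
    print("vulnerable:", run_fixation_attack(vulnerable))     # alice
    no_url_ids = Server(accept_url_session_id=False, rotate_session_on_login=False)
    print("cookie-only:", run_fixation_attack(no_url_ids))    # None
    rotating = Server(accept_url_session_id=True, rotate_session_on_login=True)
    print("rotate on login:", run_fixation_attack(rotating))  # None
```

Either mitigation alone defeats the fixation shown here; in a real deployment both are worth having, because a container that never honours URL session IDs removes the attacker's delivery channel, while rotating the ID on login also covers session IDs planted by other means (for example a cookie set from a sibling subdomain).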
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1825714
https://security.netapp.com/advisory/ntap-20201223-0002/