Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1807707

https://security.netapp.com/advisory/ntap-20201001-0005/

Related Vulnerabilities

CVE-2023-49375 Vulnerability in maven package com.jfinal:jfinal

CVE-2022-24615 Vulnerability in maven package net.lingala.zip4j:zip4j

CVE-2022-39248 Vulnerability in maven package org.matrix.android:matrix-android-sdk2

CVE-2022-2256 Vulnerability in maven package org.keycloak:keycloak-themes

CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory NVD-CWE-noinfo