WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1748 Vulnerability in maven package org.wildfly.security:wildfly-elytron

Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1807707

https://security.netapp.com/advisory/ntap-20201001-0005/

Related Vulnerabilities

CVE-2019-8331 Vulnerability in maven package org.fujion.webjars:bootstrap

CVE-2022-36084 Vulnerability in npm package cruddl

CVE-2019-1010266 Vulnerability in maven package org.webjars.bower:lodash

CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2022-28366 Vulnerability in maven package net.sourceforge.htmlunit:neko-htmlunit

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory NVD-CWE-noinfo