WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1748 Vulnerability in maven package org.wildfly.security:wildfly-elytron

Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1807707

https://security.netapp.com/advisory/ntap-20201001-0005/

Related Vulnerabilities

CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces

CVE-2020-2282 Vulnerability in maven package org.jenkins-ci.plugins:implied-labels

CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-javalite

CVE-2022-24198 Vulnerability in maven package com.itextpdf:itext7-core

CVE-2020-2244 Vulnerability in maven package org.jenkins-ci.plugins:build-failure-analyzer

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory NVD-CWE-noinfo