Description
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1991305
https://security.netapp.com/advisory/ntap-20220804-0002/
Related Vulnerabilities
CVE-2022-24891 Vulnerability in maven package org.owasp.esapi:esapi
CVE-2023-0044 Vulnerability in maven package io.quarkus:quarkus-vertx-http
CVE-2022-0868 Vulnerability in npm package urijs
CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:openejb-client