Description
A flaw was found in WildFly. When the Elytron configuration is used, the JBOSS_LOCAL_USER challenge is written to an incorrect location, which may give all users on the machine JBOSS_LOCAL_USER access. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
Remediation
References