Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Remediation

References

CVE-2020-1732

Related Vulnerabilities

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12883)

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5494)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11110)

WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1)

Oracle Database Server CVE-2011-2243 Vulnerability (CVE-2011-2243)

Severity

Medium

Classification

CVE-2020-1732 CWE-20 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities