Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Remediation

References

CVE-2020-1732

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.9)

MySQL CVE-2012-0118 Vulnerability (CVE-2012-0118)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Scripting (2.55)

Jenkins CVE-2014-2063 Vulnerability (CVE-2014-2063)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37251)

Severity

Medium

Classification

CVE-2020-1732 CWE-20 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities