PT-2020-12297 · Red Hat · Wildfly

Guilherme De Almeida Suckevicz · Published 2020-09-16 · Updated 2024-03-06 · CVE-2020-10718

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Wildfly versions prior to 13.0.0.Final

Description

A flaw was found in the embedded managed process API, where the Thread Context Classloader (TCCL) setting is exposed as a public method. Because the method is public, a caller can use it to bypass the security manager, posing a threat to confidentiality.

Recommendations

For versions prior to 13.0.0.Final, update to version 13.0.0.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the public method that exposes the TCCL setting to minimize the risk of exploitation.

Fix

Related Identifiers

BIT-WILDFLY-2020-10718
CVE-2020-10718
RHSA-2020:3461
RHSA-2020:3462
RHSA-2020:3463
RHSA-2020:3637
RHSA-2020:3638
RHSA-2020:3639

Affected Products

Wildfly