PT-2020-15019 · Red Hat · Wildfly Elytron

Pedro Sampaio

Published

2020-09-16

Updated

2022-04-28

CVE-2020-1748

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WildFly Elytron versions prior to 1.6.8.Final-redhat-00001

Description A flaw was found where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This leads to information exposure by unauthenticated access to secure resources.

Recommendations For versions prior to 1.6.8.Final-redhat-00001, update to version 1.6.8.Final-redhat-00001 or later to resolve the issue. As a temporary workaround, consider restricting access to secure resources until the update is applied.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2020-1748

GHSA-QGRQ-CX4C-2RMM

RHSA-2020:3461

RHSA-2020:3462

RHSA-2020:3463

RHSA-2020:3637

RHSA-2020:3638

RHSA-2020:3639

Affected Products

Wildfly Elytron

PT-2020-15019 · Red Hat · Wildfly Elytron

CVE-2020-1748

Weakness Enumeration

Related Identifiers

Affected Products

References · 5