PT-2021-10084 · Smallrye · Smallrye

Ted Jongseok Won

Published: 2021-05-28
Updated: 2022-03-18

CVE-2020-1729

CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SmallRye versions prior to 1.6.2
Description: A flaw in the API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied, posing a threat to data confidentiality.
Recommendations: For versions prior to 1.6.2, update to SmallRye 1.6.2 to resolve the issue.

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2020-1729
GHSA-54FX-GM74-Q676
RHSA-2020:2058
RHSA-2020:2059
RHSA-2020:2060
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513

Affected Products

Smallrye