PT-2022-10637 · Red Hat · Wildfly

Kunjan Rathod · Published 2022-05-24 · Updated 2022-11-10

CVE-2021-3717

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 17.0
Description: A flaw was found in Wildfly, where an incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may lead to JBOSS_LOCAL_USER access for all users on the machine. The JBOSS_LOCAL_USER SASL mechanism proves that a management client runs on the same host as the server by having the server write a one-time challenge into a file that only trusted local accounts should be able to read, and the client answer with that file's contents. When the challenge file is placed in a location readable by other local accounts, any local user can read the challenge and authenticate to the management interface with the local user's privileges, which is why the vector is local (AV:L) with low privileges required (PR:L). The highest threat from this issue is to confidentiality, integrity, and availability.
Recommendations: For versions prior to 17.0, update to version 17.0 or later to resolve the issue. As a temporary workaround, make sure the directory Elytron uses for JBOSS_LOCAL_USER challenge files is owned by the server account and not readable or traversable by other local accounts, or remove the JBOSS_LOCAL_USER mechanism from the Elytron SASL authentication factory for the management interface so that local clients must authenticate with credentials instead.
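The following shell check is added here as an illustration and is not taken from the advisory or from the WildFly project. It verifies that the directory holding JBOSS_LOCAL_USER challenge files is private to the server account, which is the condition the workaround above relies on. The path passed to it is an assumption on your part: on a standalone server the challenge directory is typically ${jboss.server.temp.dir}/auth, and the Elytron mechanism property wildfly.sasl.local-user.challenge-path can override it, but both are stated here as assumptions to confirm against your own configuration. The demonstration directories at the bottom are constructed for the example.

```sh
#!/bin/sh
# Added example, not WildFly code. Verifies that a JBOSS_LOCAL_USER challenge
# directory is private: neither the directory nor anything in it may carry a
# read (004) or execute/traverse (001) permission bit for "other", because a
# world-readable challenge file lets any local account answer the challenge.

check_local_user_challenge_dir() {
  dir=$1
  if [ ! -d "$dir" ]; then
    echo "not a directory: $dir" >&2
    return 2
  fi
  # -perm -004: world-readable entry; -perm -001: world-executable/traversable.
  bad=$(find "$dir" \( -perm -004 -o -perm -001 \) -print)
  if [ -n "$bad" ]; then
    printf 'world-accessible entries under %s:\n%s\n' "$dir" "$bad"
    return 1
  fi
  return 0
}

# Constructed demonstration: one private challenge directory and one leaky one.
demo() {
  base=$(mktemp -d)
  mkdir "$base/private" "$base/leaky"
  chmod 700 "$base/private"
  : >"$base/private/challenge"
  chmod 600 "$base/private/challenge"
  chmod 755 "$base/leaky"
  : >"$base/leaky/challenge"
  chmod 644 "$base/leaky/challenge"
  for d in "$base/private" "$base/leaky"; do
    if check_local_user_challenge_dir "$d"; then
      echo "OK: $d is private"
    else
      echo "FAIL: $d is exposed to other local users"
    fi
  done
  rm -rf "$base"
}

demo
# Real-world use (path is an assumption; confirm it against your server config):
# check_local_user_challenge_dir "${JBOSS_HOME:-/opt/wildfly}/standalone/tmp/auth"
```

Run the check as the server account or as root after applying the workaround and again after upgrading; a non-zero exit means at least one path under the challenge directory is readable or traversable by accounts other than the owner and group.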

Weakness Enumeration

Files Accessible to External Parties (CWE-552, Files or Directories Accessible to External Parties)

Related Identifiers

CVE-2021-3717
GHSA-p9xf-3rm3-qh2h
RHSA-2021:4676
RHSA-2021:4677
RHSA-2021:5149
RHSA-2021:5150
RHSA-2021:5151
RHSA-2025:1746

Affected Products

Wildfly