Description
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1825714
https://security.netapp.com/advisory/ntap-20201223-0002/
Related Vulnerabilities
CVE-2023-2251 Vulnerability in npm package yaml
CVE-2019-1003034 Vulnerability in maven package org.jenkins-ci.plugins:job-dsl
CVE-2022-34205 Vulnerability in maven package org.jenkins-ci.plugins:jianliao
CVE-2023-34602 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui