Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1807707

https://security.netapp.com/advisory/ntap-20201001-0005/

Related Vulnerabilities

CVE-2021-21430 Vulnerability in maven package org.openapitools:openapi-generator-project

CVE-2022-24197 Vulnerability in maven package com.itextpdf:itext7-core

CVE-2019-12041 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable

CVE-2022-24999 Vulnerability in npm package express

CVE-2021-40823 Vulnerability in npm package matrix-js-sdk

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory NVD-CWE-noinfo