Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 16.0.1.Final, 17.0.0.Beta3, 17.0.0.Final
Affects Version/s: 16.0.0.Final, 17.0.0.Beta2
Component/s: None
Labels:
- downstream_dependency

Release Note Text:
Undefined
Git Pull Request:
https://github.com/wildfly/wildfly-core/pull/4668, https://github.com/wildfly/wildfly-core/pull/4669

Description

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Attachments

Activity

People

Assignee:: Darran Lofthouse

Reporter:: Darran Lofthouse

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/07/15 11:51 AM

Updated:: 2023/01/03 5:14 AM

Resolved:: 2021/07/16 6:59 AM