
[8.x] CVE-2014-7849 WildFly Domain Management: Limited RBAC authorization bypass

Details

• Type: Bug
• Status: Closed
• Priority: Major
• Resolution: Done
• Affects Version/s: 8.2.0.Final
• Fix Version/s: 8.2.1.Final
• Component/s: Management
• Labels: None

Description

This is the WildFly 8.x variant of WFCORE-540.

It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, or undefine a limited set of attributes and their values, which otherwise cannot be written to.

People

• Assignee: Brian Stansberry (brian.stansberry)
• Reporter: Brian Stansberry (brian.stansberry)
• Votes: 0
• Watchers: 1
