Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.
Permalink: https://github.com/advisories/GHSA-w88m-2936-rmxrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-w88m-2936-rmxr, CVE-2021-3644
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3644
- https://github.com/wildfly/wildfly-core/pull/4668
- https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714
- https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b
- https://access.redhat.com/security/cve/CVE-2021-3644
- https://bugzilla.redhat.com/show_bug.cgi?id=1976052
- https://issues.redhat.com/browse/WFCORE-5511
- https://github.com/advisories/GHSA-w88m-2936-rmxr
Blast Radius: 7.7
Affected Packages
maven:org.wildfly.core:wildfly-server
Dependent packages: 355Dependent repositories: 223
Downloads:
Affected Version Ranges: >= 17.0.0.Beta2, < 17.0.0.Beta3, < 16.0.1.Final
Fixed in: 17.0.0.Beta3, 16.0.1.Final
All affected versions:
All unaffected versions: