Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5

wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item that was stored in the vault. The highest threat from this vulnerability is to data confidentiality and integrity.

Permalink: https://github.com/advisories/GHSA-w88m-2936-rmxr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago


CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-w88m-2936-rmxr, CVE-2021-3644
References: Repository: https://github.com/wildfly/wildfly-core
Blast Radius: 7.7

Affected Packages

maven:org.wildfly.core:wildfly-server
Dependent packages: 355
Dependent repositories: 223
Downloads:
Affected Version Ranges: >= 17.0.0.Beta2, < 17.0.0.Beta3; < 16.0.1.Final
Fixed in: 17.0.0.Beta3, 16.0.1.Final
All affected versions:
All unaffected versions: