CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Git / github.com/wildfly-security/wildfly-elytron

Affected ranges

Type

GIT

Repo

https://github.com/wildfly-security/wildfly-elytron

Events

Introduced

Fixed

04b772a9a6cf1bf1e0f47c084d7d20ddf7c7d614

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.3"
        }
    ]
}

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Beta1

1.0.0.Beta2

1.0.0.Beta3

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.Beta7

1.0.0.Beta8

1.0.0.Beta9

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.1.CR1

1.0.4.CR1

1.0.5.Final

1.0.6.Final

1.0.7.Final

1.0.8.Final

1.0.9.Final

1.1.0.Alpha1

1.1.0.Beta1

1.1.0.Beta10

1.1.0.Beta11

1.1.0.Beta12

1.1.0.Beta13

1.1.0.Beta14

1.1.0.Beta15

1.1.0.Beta16

1.1.0.Beta17

1.1.0.Beta18

1.1.0.Beta19

1.1.0.Beta2

1.1.0.Beta20

1.1.0.Beta21

1.1.0.Beta22

1.1.0.Beta23

1.1.0.Beta24

1.1.0.Beta25

1.1.0.Beta26

1.1.0.Beta27

1.1.0.Beta28

1.1.0.Beta29

1.1.0.Beta3

1.1.0.Beta30

1.1.0.Beta31

1.1.0.Beta32

1.1.0.Beta33

1.1.0.Beta34

1.1.0.Beta35

1.1.0.Beta36

1.1.0.Beta37

1.1.0.Beta38

1.1.0.Beta39

1.1.0.Beta4

1.1.0.Beta40

1.1.0.Beta41

1.1.0.Beta42

1.1.0.Beta43

1.1.0.Beta44

1.1.0.Beta45

1.1.0.Beta46

1.1.0.Beta47

1.1.0.Beta48

1.1.0.Beta49

1.1.0.Beta5

1.1.0.Beta50

1.1.0.Beta51

1.1.0.Beta52

1.1.0.Beta53

1.1.0.Beta54

1.1.0.Beta55

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.Beta9

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.Final

1.1.1.Final

1.1.10.Final

1.1.11.Final

1.1.12.Final

1.1.2.CR1

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.8.Final

1.1.9.Final

1.10.0.CR1

1.10.0.CR2

1.10.0.CR3

1.10.0.CR4

1.10.0.CR5

1.10.0.CR6

1.10.0.Final

1.10.1.Final

1.10.2.Final

1.10.3.Final

1.10.4.Final

1.10.5.Final

1.10.6.Final

1.11.0.CR1

1.11.0.CR2

1.11.0.CR3

1.11.0.CR4

1.11.0.CR5

1.11.0.Final

1.11.1.Final

1.11.2.Final

1.2.0.Beta1

1.2.0.Beta10

1.2.0.Beta11

1.2.0.Beta12

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Final

1.2.1.Final

1.2.1.SP1

1.2.2.Final

1.2.2.SP1

1.2.2.SP2

1.2.3.Final

1.2.3.SP1

1.2.4.Final

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.4.0.Final

1.4.1.Final

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.5.3.Final

1.5.4.Final

1.5.5.Final

1.6.0.CR1

1.6.0.Final

1.6.1.Final

1.6.2.Final

1.6.3.Final

1.6.4.Final

1.6.5.Final

1.6.6.Final

1.7.0.CR1

1.7.0.CR2

1.7.0.CR3

1.7.0.Final

1.8.0.CR1

1.8.0.CR2

1.8.0.Final

1.9.0.CR1

1.9.0.CR2

1.9.0.CR3

1.9.0.CR4

1.9.0.CR5

1.9.0.Final

1.9.1.Final

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10714.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]