CVE-2020-10714

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-10714
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10714.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10714
Aliases
Related
Published
2020-09-23T13:15:15Z
Modified
2024-09-03T03:07:40.696694Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Git / github.com/wildfly-security/wildfly-elytron

Affected ranges

Type
GIT
Repo
https://github.com/wildfly-security/wildfly-elytron
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.Beta4
1.0.0.Beta5
1.0.0.Beta6
1.0.0.Beta7
1.0.0.Beta8
1.0.0.Beta9
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.1.CR1
1.0.4.CR1
1.0.5.Final
1.0.6.Final
1.0.7.Final
1.0.8.Final
1.0.9.Final
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta10
1.1.0.Beta11
1.1.0.Beta12
1.1.0.Beta13
1.1.0.Beta14
1.1.0.Beta15
1.1.0.Beta16
1.1.0.Beta17
1.1.0.Beta18
1.1.0.Beta19
1.1.0.Beta2
1.1.0.Beta20
1.1.0.Beta21
1.1.0.Beta22
1.1.0.Beta23
1.1.0.Beta24
1.1.0.Beta25
1.1.0.Beta26
1.1.0.Beta27
1.1.0.Beta28
1.1.0.Beta29
1.1.0.Beta3
1.1.0.Beta30
1.1.0.Beta31
1.1.0.Beta32
1.1.0.Beta33
1.1.0.Beta34
1.1.0.Beta35
1.1.0.Beta36
1.1.0.Beta37
1.1.0.Beta38
1.1.0.Beta39
1.1.0.Beta4
1.1.0.Beta40
1.1.0.Beta41
1.1.0.Beta42
1.1.0.Beta43
1.1.0.Beta44
1.1.0.Beta45
1.1.0.Beta46
1.1.0.Beta47
1.1.0.Beta48
1.1.0.Beta49
1.1.0.Beta5
1.1.0.Beta50
1.1.0.Beta51
1.1.0.Beta52
1.1.0.Beta53
1.1.0.Beta54
1.1.0.Beta55
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.1.0.Beta9
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.1.0.CR4
1.1.0.CR5
1.1.0.CR6
1.1.0.Final
1.1.1.Final
1.1.10.Final
1.1.11.Final
1.1.12.Final
1.1.2.CR1
1.1.2.Final
1.1.3.Final
1.1.4.Final
1.1.5.Final
1.1.6.Final
1.1.7.Final
1.1.8.Final
1.1.9.Final
1.10.0.CR1
1.10.0.CR2
1.10.0.CR3
1.10.0.CR4
1.10.0.CR5
1.10.0.CR6
1.10.0.Final
1.10.1.Final
1.10.2.Final
1.10.3.Final
1.10.4.Final
1.10.5.Final
1.10.6.Final
1.11.0.CR1
1.11.0.CR2
1.11.0.CR3
1.11.0.CR4
1.11.0.CR5
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.2.0.Beta1
1.2.0.Beta10
1.2.0.Beta11
1.2.0.Beta12
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.Final
1.2.1.Final
1.2.1.SP1
1.2.2.Final
1.2.2.SP1
1.2.2.SP2
1.2.3.Final
1.2.3.SP1
1.2.4.Final
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
1.4.0.Final
1.4.1.Final
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.5.5.Final
1.6.0.CR1
1.6.0.Final
1.6.1.Final
1.6.2.Final
1.6.3.Final
1.6.4.Final
1.6.5.Final
1.6.6.Final
1.7.0.CR1
1.7.0.CR2
1.7.0.CR3
1.7.0.Final
1.8.0.CR1
1.8.0.CR2
1.8.0.Final
1.9.0.CR1
1.9.0.CR2
1.9.0.CR3
1.9.0.CR4
1.9.0.CR5
1.9.0.Final
1.9.1.Final