CVE-2020-10714

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10714

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10714.json

Aliases

GHSA-7fhr-2694-rg79

Published

2020-09-23T13:15:15Z

Modified

2023-11-29T07:43:55.725120Z

Details

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Git / github.com/wildfly-security/wildfly-elytron

Affected ranges

Type: GIT
Repo: https://github.com/wildfly-security/wildfly-elytron
Events: Introduced

0The exact introduced commit is unknown

Fixed

04b772a9a6cf1bf1e0f47c084d7d20ddf7c7d614

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Beta1

1.0.0.Beta2

1.0.0.Beta3

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.Beta7

1.0.0.Beta8

1.0.0.Beta9

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.1.CR1

1.0.4.CR1

1.0.5.Final

1.0.6.Final

1.0.7.Final

1.0.8.Final

1.0.9.Final

1.1.0.Alpha1

1.1.0.Beta1

1.1.0.Beta10

1.1.0.Beta11

1.1.0.Beta12

1.1.0.Beta13

1.1.0.Beta14

1.1.0.Beta15

1.1.0.Beta16

1.1.0.Beta17

1.1.0.Beta18

1.1.0.Beta19

1.1.0.Beta2

1.1.0.Beta20

1.1.0.Beta21

1.1.0.Beta22

1.1.0.Beta23

1.1.0.Beta24

1.1.0.Beta25

1.1.0.Beta26

1.1.0.Beta27

1.1.0.Beta28

1.1.0.Beta29

1.1.0.Beta3

1.1.0.Beta30

1.1.0.Beta31

1.1.0.Beta32

1.1.0.Beta33

1.1.0.Beta34

1.1.0.Beta35

1.1.0.Beta36

1.1.0.Beta37

1.1.0.Beta38

1.1.0.Beta39

1.1.0.Beta4

1.1.0.Beta40

1.1.0.Beta41

1.1.0.Beta42

1.1.0.Beta43

1.1.0.Beta44

1.1.0.Beta45

1.1.0.Beta46

1.1.0.Beta47

1.1.0.Beta48

1.1.0.Beta49

1.1.0.Beta5

1.1.0.Beta50

1.1.0.Beta51

1.1.0.Beta52

1.1.0.Beta53

1.1.0.Beta54

1.1.0.Beta55

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.Beta9

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.Final

1.1.1.Final

1.1.10.Final

1.1.11.Final

1.1.12.Final

1.1.2.CR1

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.8.Final

1.1.9.Final

1.10.0.CR1

1.10.0.CR2

1.10.0.CR3

1.10.0.CR4

1.10.0.CR5

1.10.0.CR6

1.10.0.Final

1.10.1.Final

1.10.2.Final

1.10.3.Final

1.10.4.Final

1.10.5.Final

1.10.6.Final

1.11.0.CR1

1.11.0.CR2

1.11.0.CR3

1.11.0.CR4

1.11.0.CR5

1.11.0.Final

1.11.1.Final

1.11.2.Final

1.2.0.Beta1

1.2.0.Beta10

1.2.0.Beta11

1.2.0.Beta12

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Final

1.2.1.Final

1.2.1.SP1

1.2.2.Final

1.2.2.SP1

1.2.2.SP2

1.2.3.Final

1.2.3.SP1

1.2.4.Final

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.4.0.Final

1.4.1.Final

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.5.3.Final

1.5.4.Final

1.5.5.Final

1.6.0.CR1

1.6.0.Final

1.6.1.Final

1.6.2.Final

1.6.3.Final

1.6.4.Final

1.6.5.Final

1.6.6.Final

1.7.0.CR1

1.7.0.CR2

1.7.0.CR3

1.7.0.Final

1.8.0.CR1

1.8.0.CR2

1.8.0.Final

1.9.0.CR1

1.9.0.CR2

1.9.0.CR3

1.9.0.CR4

1.9.0.CR5

1.9.0.Final

1.9.1.Final