GHSA-7fhr-2694-rg79
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7fhr-2694-rg79
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-7fhr-2694-rg79/GHSA-7fhr-2694-rg79.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7fhr-2694-rg79
- Aliases
- Published
- 2022-02-15T01:39:57Z
- Modified
- 2024-02-22T05:33:15.390908Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Session Fixation in WildFly Elytron
- Details
-
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-384" ], "nvd_published_at": "2020-09-23T13:15:00Z", "github_reviewed_at": "2022-06-24T01:26:35Z" }- References
Affected packages
Maven / org.wildfly.security:wildfly-elytron
Package
- Name
- org.wildfly.security:wildfly-elytron
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wildfly.security/wildfly-elytron
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.11.4
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.CR1
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.0.4.Final
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Beta3
1.1.0.Beta4
1.1.0.Beta5
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.1.0.Beta9
1.1.0.Beta10
1.1.0.Beta11
1.1.0.Beta12
1.1.0.Beta13
1.1.0.Beta14
1.1.0.Beta15
1.1.0.Beta16
1.1.0.Beta17
1.1.0.Beta18
1.1.0.Beta19
1.1.0.Beta20
1.1.0.Beta21
1.1.0.Beta22
1.1.0.Beta23
1.1.0.Beta24
1.1.0.Beta25
1.1.0.Beta26
1.1.0.Beta27
1.1.0.Beta28
1.1.0.Beta29
1.1.0.Beta30
1.1.0.Beta31
1.1.0.Beta31-SP1
1.1.0.Beta32
1.1.0.Beta33
1.1.0.Beta34
1.1.0.Beta35
1.1.0.Beta36
1.1.0.Beta37
1.1.0.Beta38
1.1.0.Beta39
1.1.0.Beta40
1.1.0.Beta41
1.1.0.Beta42
1.1.0.Beta43
1.1.0.Beta44
1.1.0.Beta45
1.1.0.Beta46
1.1.0.Beta47
1.1.0.Beta48
1.1.0.Beta49
1.1.0.Beta50
1.1.0.Beta51
1.1.0.Beta52
1.1.0.Beta53
1.1.0.Beta54
1.1.0.Beta55
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.1.0.CR4
1.1.0.CR5
1.1.0.CR6
1.1.0.Final
1.1.1.Final
1.1.2.CR1
1.1.2.Final
1.1.3.Final
1.1.4.Final
1.1.5.Final
1.1.6.Final
1.1.7.Final
1.1.9.Final
1.1.10.Final
1.1.11.Final
1.1.12.Final
1.2.0.Beta1
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.Beta10
1.2.0.Beta11
1.2.0.Beta12
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
1.4.0.Final
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.5.5.Final
1.6.0.Final
1.6.1.Final
1.6.2.Final
1.6.3.Final
1.6.4.Final
1.6.5.Final
1.6.6.Final
1.6.7.Final
1.6.8.Final
1.7.0.CR1
1.7.0.CR2
1.7.0.CR3
1.7.0.Final
1.8.0.CR1
1.8.0.CR2
1.8.0.Final
1.9.0.CR1
1.9.0.CR2
1.9.0.CR3
1.9.0.CR4
1.9.0.CR5
1.9.0.Final
1.9.1.Final
1.10.0.CR1
1.10.0.CR2
1.10.0.CR3
1.10.0.CR4
1.10.0.CR5
1.10.0.CR6
1.10.0.Final
1.10.1.Final
1.10.2.Final
1.10.3.Final
1.10.4.Final
1.10.5.Final
1.10.6.Final
1.10.7.Final
1.10.8.Final
1.10.9.Final
1.10.10.Final
1.10.11.Final
1.10.12.Final
1.10.13.Final
1.10.14.Final
1.10.15.Final
1.11.0.CR1
1.11.0.CR2
1.11.0.CR3
1.11.0.CR4
1.11.0.CR5
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.11.3.Final