GHSA-7fhr-2694-rg79

Source

https://github.com/advisories/GHSA-7fhr-2694-rg79

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-7fhr-2694-rg79/GHSA-7fhr-2694-rg79.json

Aliases

CVE-2020-10714

Published

2022-02-15T01:39:57Z

Modified

2024-02-22T05:33:15.390908Z

Details

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Maven / org.wildfly.security:wildfly-elytron

Package

Name: org.wildfly.security:wildfly-elytron

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.11.4

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.CR1

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.0.4.Final

1.1.0.Alpha1

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.Beta9

1.1.0.Beta10

1.1.0.Beta11

1.1.0.Beta12

1.1.0.Beta13

1.1.0.Beta14

1.1.0.Beta15

1.1.0.Beta16

1.1.0.Beta17

1.1.0.Beta18

1.1.0.Beta19

1.1.0.Beta20

1.1.0.Beta21

1.1.0.Beta22

1.1.0.Beta23

1.1.0.Beta24

1.1.0.Beta25

1.1.0.Beta26

1.1.0.Beta27

1.1.0.Beta28

1.1.0.Beta29

1.1.0.Beta30

1.1.0.Beta31

1.1.0.Beta31-SP1

1.1.0.Beta32

1.1.0.Beta33

1.1.0.Beta34

1.1.0.Beta35

1.1.0.Beta36

1.1.0.Beta37

1.1.0.Beta38

1.1.0.Beta39

1.1.0.Beta40

1.1.0.Beta41

1.1.0.Beta42

1.1.0.Beta43

1.1.0.Beta44

1.1.0.Beta45

1.1.0.Beta46

1.1.0.Beta47

1.1.0.Beta48

1.1.0.Beta49

1.1.0.Beta50

1.1.0.Beta51

1.1.0.Beta52

1.1.0.Beta53

1.1.0.Beta54

1.1.0.Beta55

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.Final

1.1.1.Final

1.1.2.CR1

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.9.Final

1.1.10.Final

1.1.11.Final

1.1.12.Final

1.2.0.Beta1

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Beta10

1.2.0.Beta11

1.2.0.Beta12

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.4.0.Final

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.5.3.Final

1.5.4.Final

1.5.5.Final

1.6.0.Final

1.6.1.Final

1.6.2.Final

1.6.3.Final

1.6.4.Final

1.6.5.Final

1.6.6.Final

1.6.7.Final

1.6.8.Final

1.7.0.CR1

1.7.0.CR2

1.7.0.CR3

1.7.0.Final

1.8.0.CR1

1.8.0.CR2

1.8.0.Final

1.9.0.CR1

1.9.0.CR2

1.9.0.CR3

1.9.0.CR4

1.9.0.CR5

1.9.0.Final

1.9.1.Final

1.10.0.CR1

1.10.0.CR2

1.10.0.CR3

1.10.0.CR4

1.10.0.CR5

1.10.0.CR6

1.10.0.Final

1.10.1.Final

1.10.2.Final

1.10.3.Final

1.10.4.Final

1.10.5.Final

1.10.6.Final

1.10.7.Final

1.10.8.Final

1.10.9.Final

1.10.10.Final

1.10.11.Final

1.10.12.Final

1.10.13.Final

1.10.14.Final

1.10.15.Final

1.11.0.CR1

1.11.0.CR2

1.11.0.CR3

1.11.0.CR4

1.11.0.CR5

1.11.0.Final

1.11.1.Final

1.11.2.Final

1.11.3.Final

Database specific

{
    "last_known_affected_version_range": "<= 1.11.3"
}