GHSA-82v2-f875-73g9

Source

https://github.com/advisories/GHSA-82v2-f875-73g9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-82v2-f875-73g9/GHSA-82v2-f875-73g9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-82v2-f875-73g9

Aliases

CVE-2019-14838

Published

2022-05-24T16:58:43Z

Modified

2024-02-16T08:24:59.968047Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Wildfly Authorization Misconfiguration

Details

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

References

Affected packages

Maven / org.wildfly.core:wildfly-host-controller

Package

Name: org.wildfly.core:wildfly-host-controller; View open source insights on deps.dev
Purl: pkg:maven/org.wildfly.core/wildfly-host-controller

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.2.5.GA

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Alpha5

1.0.0.Alpha6

1.0.0.Alpha7

1.0.0.Alpha8

1.0.0.Alpha9

1.0.0.Alpha10

1.0.0.Alpha11

1.0.0.Alpha12

1.0.0.Alpha13

1.0.0.Alpha14

1.0.0.Alpha15

1.0.0.Alpha16

1.0.0.Alpha17

1.0.0.Alpha18

1.0.0.Alpha19

1.0.0.Beta1

1.0.0.Beta2

1.0.0.Beta3

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.CR1

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.0.CR5

1.0.0.CR6

1.0.0.CR7

1.0.0.Final

1.0.1.Final

1.0.2.Final

2.*

2.0.0.Alpha1

2.0.0.Alpha2

2.0.0.Alpha3

2.0.0.Alpha4

2.0.0.Alpha5

2.0.0.Alpha6

2.0.0.Alpha7

2.0.0.Alpha8

2.0.0.Alpha9

2.0.0.Alpha10

2.0.0.Alpha11

2.0.0.Alpha12

2.0.0.Alpha13

2.0.0.Beta1

2.0.0.Beta2

2.0.0.Beta3

2.0.0.Beta4

2.0.0.Beta5

2.0.0.Beta6

2.0.0.Beta7

2.0.0.CR1

2.0.0.CR2

2.0.0.CR3

2.0.0.CR4

2.0.0.CR5

2.0.0.CR6

2.0.0.CR7

2.0.0.CR8

2.0.0.CR9

2.0.0.Final

2.0.1.Final

2.0.2.Final

2.0.3.Final

2.0.4.Final

2.0.5.CR1

2.0.5.Final

2.0.6.Final

2.0.7.Final

2.0.8.Final

2.0.9.Final

2.0.10.Final

2.1.0.CR1

2.1.0.CR2

2.1.0.Final

2.2.0.CR1

2.2.0.CR2

2.2.0.CR3

2.2.0.CR4

2.2.0.CR5

2.2.0.CR6

2.2.0.CR7

2.2.0.CR8

2.2.0.CR9

2.2.0.Final

2.2.1.CR1

2.2.1.CR2

2.2.1.Final

3.*

3.0.0.Alpha1

3.0.0.Alpha2

3.0.0.Alpha3

3.0.0.Alpha4

3.0.0.Alpha5

3.0.0.Alpha6

3.0.0.Alpha7

3.0.0.Alpha8

3.0.0.Alpha9

3.0.0.Alpha10

3.0.0.Alpha11

3.0.0.Alpha12

3.0.0.Alpha13

3.0.0.Alpha14

3.0.0.Alpha15

3.0.0.Alpha16

3.0.0.Alpha17

3.0.0.Alpha18

3.0.0.Alpha19

3.0.0.Alpha20

3.0.0.Alpha21

3.0.0.Alpha22

3.0.0.Alpha23

3.0.0.Alpha24

3.0.0.Alpha25

3.0.0.Beta1

3.0.0.Beta2

3.0.0.Beta3

3.0.0.Beta5

3.0.0.Beta6

3.0.0.Beta7

3.0.0.Beta8

3.0.0.Beta9

3.0.0.Beta10

3.0.0.Beta11

3.0.0.Beta12

3.0.0.Beta13

3.0.0.Beta14

3.0.0.Beta15

3.0.0.Beta16

3.0.0.Beta17

3.0.0.Beta18

3.0.0.Beta19

3.0.0.Beta20

3.0.0.Beta21

3.0.0.Beta22

3.0.0.Beta23

3.0.0.Beta24

3.0.0.Beta25

3.0.0.Beta26

3.0.0.Beta27

3.0.0.Beta28

3.0.0.Beta29

3.0.0.Beta30

3.0.0.Beta31

3.0.0.CR1

3.0.0.Final

3.0.1.Final

3.0.2.CR1

3.0.2.Final

3.0.3.Final

3.0.4.Final

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.1.0.Final

4.*

4.0.0.Alpha1

4.0.0.Alpha2

4.0.0.Alpha3

4.0.0.Alpha4

4.0.0.Alpha5

4.0.0.Alpha6

4.0.0.Alpha7

4.0.0.Alpha8

4.0.0.Alpha9

4.0.0.Alpha10

4.0.0.Beta1

4.0.0.Beta2

4.0.0.CR1

4.0.0.Final

5.*

5.0.0.Alpha1

5.0.0.Alpha2

5.0.0.Alpha3

5.0.0.Alpha4

5.0.0.Alpha5

5.0.0.Alpha6

5.0.0.Alpha7

5.0.0.Beta1

5.0.0.Beta2

5.0.0.Beta3

5.0.0.Beta4

5.0.0.Beta5

5.0.0.CR1

5.0.0.Final

6.*

6.0.0.Alpha1

6.0.0.Alpha2

6.0.0.Alpha3

6.0.0.Alpha4

6.0.0.Alpha5

6.0.0.Beta1

6.0.0.CR1

6.0.0.CR2

6.0.0.CR3

6.0.0.CR4

6.0.0.Final

6.0.1.Final

6.0.2.Final

7.*

7.0.0.Alpha1

7.0.0.Alpha2

7.0.0.Alpha3

7.0.0.Alpha4

7.0.0.Alpha5

7.0.0.Beta1

7.0.0.CR1

7.0.0.Final