GHSA-qgrq-cx4c-2rmm

Source

https://github.com/advisories/GHSA-qgrq-cx4c-2rmm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-qgrq-cx4c-2rmm/GHSA-qgrq-cx4c-2rmm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qgrq-cx4c-2rmm

Aliases

CVE-2020-1748

Published

2022-02-15T01:39:27Z

Modified

2024-02-19T05:23:50.408363Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Incorrect Authorization in WildFly Elytron

Details

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Database specific

{
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-863"
    ],
    "nvd_published_at": "2020-09-16T16:15:00Z",
    "github_reviewed_at": "2022-06-24T01:24:56Z"
}

References

Affected packages

Maven / org.wildfly.security:wildfly-elytron

Package

Name: org.wildfly.security:wildfly-elytron; View open source insights on deps.dev
Purl: pkg:maven/org.wildfly.security/wildfly-elytron

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.8

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.CR1

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.0.4.Final

1.1.0.Alpha1

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.Beta9

1.1.0.Beta10

1.1.0.Beta11

1.1.0.Beta12

1.1.0.Beta13

1.1.0.Beta14

1.1.0.Beta15

1.1.0.Beta16

1.1.0.Beta17

1.1.0.Beta18

1.1.0.Beta19

1.1.0.Beta20

1.1.0.Beta21

1.1.0.Beta22

1.1.0.Beta23

1.1.0.Beta24

1.1.0.Beta25

1.1.0.Beta26

1.1.0.Beta27

1.1.0.Beta28

1.1.0.Beta29

1.1.0.Beta30

1.1.0.Beta31

1.1.0.Beta31-SP1

1.1.0.Beta32

1.1.0.Beta33

1.1.0.Beta34

1.1.0.Beta35

1.1.0.Beta36

1.1.0.Beta37

1.1.0.Beta38

1.1.0.Beta39

1.1.0.Beta40

1.1.0.Beta41

1.1.0.Beta42

1.1.0.Beta43

1.1.0.Beta44

1.1.0.Beta45

1.1.0.Beta46

1.1.0.Beta47

1.1.0.Beta48

1.1.0.Beta49

1.1.0.Beta50

1.1.0.Beta51

1.1.0.Beta52

1.1.0.Beta53

1.1.0.Beta54

1.1.0.Beta55

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.Final

1.1.1.Final

1.1.2.CR1

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.9.Final

1.1.10.Final

1.1.11.Final

1.1.12.Final

1.2.0.Beta1

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Beta10

1.2.0.Beta11

1.2.0.Beta12

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.4.0.Final

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.5.3.Final

1.5.4.Final

1.5.5.Final

1.6.0.Final

1.6.1.Final

1.6.2.Final

1.6.3.Final

1.6.4.Final

1.6.5.Final

1.6.6.Final

1.6.7.Final

Database specific

last_known_affected_version_range

"<= 1.6.7"