GHSA-w88m-2936-rmxr

Suggest an improvement
Source
https://github.com/advisories/GHSA-w88m-2936-rmxr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-w88m-2936-rmxr/GHSA-w88m-2936-rmxr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w88m-2936-rmxr
Aliases
Published
2022-08-27T00:00:45Z
Modified
2024-12-03T06:00:45.865020Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Details

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

Database specific
{
    "nvd_published_at": "2022-08-26T16:15:00Z",
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-02T21:13:13Z"
}
References

Affected packages

Maven / org.wildfly.core:wildfly-server

Package

Name
org.wildfly.core:wildfly-server
View open source insights on deps.dev
Purl
pkg:maven/org.wildfly.core/wildfly-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.0.1.Final

Affected versions

1.*

1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.Alpha8
1.0.0.Alpha9
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Alpha12
1.0.0.Alpha13
1.0.0.Alpha14
1.0.0.Alpha15
1.0.0.Alpha16
1.0.0.Alpha17
1.0.0.Alpha18
1.0.0.Alpha19
1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.Beta4
1.0.0.Beta5
1.0.0.Beta6
1.0.0.CR1
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.0.CR5
1.0.0.CR6
1.0.0.CR7
1.0.0.Final
1.0.1.Final
1.0.2.Final

2.*

2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Alpha4
2.0.0.Alpha5
2.0.0.Alpha6
2.0.0.Alpha7
2.0.0.Alpha8
2.0.0.Alpha9
2.0.0.Alpha10
2.0.0.Alpha11
2.0.0.Alpha12
2.0.0.Alpha13
2.0.0.Beta1
2.0.0.Beta2
2.0.0.Beta3
2.0.0.Beta4
2.0.0.Beta5
2.0.0.Beta6
2.0.0.Beta7
2.0.0.CR1
2.0.0.CR2
2.0.0.CR3
2.0.0.CR4
2.0.0.CR5
2.0.0.CR6
2.0.0.CR7
2.0.0.CR8
2.0.0.CR9
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
2.0.4.Final
2.0.5.CR1
2.0.5.Final
2.0.6.Final
2.0.7.Final
2.0.8.Final
2.0.9.Final
2.0.10.Final
2.1.0.CR1
2.1.0.CR2
2.1.0.Final
2.2.0.CR1
2.2.0.CR2
2.2.0.CR3
2.2.0.CR4
2.2.0.CR5
2.2.0.CR6
2.2.0.CR7
2.2.0.CR8
2.2.0.CR9
2.2.0.Final
2.2.1.CR1
2.2.1.CR2
2.2.1.Final

3.*

3.0.0.Alpha1
3.0.0.Alpha2
3.0.0.Alpha3
3.0.0.Alpha4
3.0.0.Alpha5
3.0.0.Alpha6
3.0.0.Alpha7
3.0.0.Alpha8
3.0.0.Alpha9
3.0.0.Alpha10
3.0.0.Alpha11
3.0.0.Alpha12
3.0.0.Alpha13
3.0.0.Alpha14
3.0.0.Alpha15
3.0.0.Alpha16
3.0.0.Alpha17
3.0.0.Alpha18
3.0.0.Alpha19
3.0.0.Alpha20
3.0.0.Alpha21
3.0.0.Alpha22
3.0.0.Alpha23
3.0.0.Alpha24
3.0.0.Alpha25
3.0.0.Beta1
3.0.0.Beta2
3.0.0.Beta3
3.0.0.Beta5
3.0.0.Beta6
3.0.0.Beta7
3.0.0.Beta8
3.0.0.Beta9
3.0.0.Beta10
3.0.0.Beta11
3.0.0.Beta12
3.0.0.Beta13
3.0.0.Beta14
3.0.0.Beta15
3.0.0.Beta16
3.0.0.Beta17
3.0.0.Beta18
3.0.0.Beta19
3.0.0.Beta20
3.0.0.Beta21
3.0.0.Beta22
3.0.0.Beta23
3.0.0.Beta24
3.0.0.Beta25
3.0.0.Beta26
3.0.0.Beta27
3.0.0.Beta28
3.0.0.Beta29
3.0.0.Beta30
3.0.0.Beta31
3.0.0.CR1
3.0.0.Final
3.0.1.Final
3.0.2.CR1
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.0.10.Final
3.1.0.Final

4.*

4.0.0.Alpha1
4.0.0.Alpha2
4.0.0.Alpha3
4.0.0.Alpha4
4.0.0.Alpha5
4.0.0.Alpha6
4.0.0.Alpha7
4.0.0.Alpha8
4.0.0.Alpha9
4.0.0.Alpha10
4.0.0.Beta1
4.0.0.Beta2
4.0.0.CR1
4.0.0.Final

5.*

5.0.0.Alpha1
5.0.0.Alpha2
5.0.0.Alpha3
5.0.0.Alpha4
5.0.0.Alpha5
5.0.0.Alpha6
5.0.0.Alpha7
5.0.0.Beta1
5.0.0.Beta2
5.0.0.Beta3
5.0.0.Beta4
5.0.0.Beta5
5.0.0.CR1
5.0.0.Final

6.*

6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Alpha3
6.0.0.Alpha4
6.0.0.Alpha5
6.0.0.Beta1
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.0.CR4
6.0.0.Final
6.0.1.Final
6.0.2.Final

7.*

7.0.0.Alpha1
7.0.0.Alpha2
7.0.0.Alpha3
7.0.0.Alpha4
7.0.0.Alpha5
7.0.0.Beta1
7.0.0.CR1
7.0.0.Final

8.*

8.0.0.Beta1
8.0.0.Beta2
8.0.0.Beta3
8.0.0.Beta4
8.0.0.Beta5
8.0.0.CR1
8.0.0.Final

9.*

9.0.0.Beta1
9.0.0.Beta2
9.0.0.Beta3
9.0.0.Beta4
9.0.0.Beta5
9.0.0.Beta6
9.0.0.Beta7
9.0.0.Final
9.0.1.Final
9.0.2.Final

10.*

10.0.0.Beta1
10.0.0.Beta2
10.0.0.Beta3
10.0.0.Beta4
10.0.0.Beta5
10.0.0.Beta6
10.0.0.Beta7
10.0.0.Beta8
10.0.0.Beta9
10.0.0.CR1
10.0.0.Final
10.0.2.Final
10.0.3.Final

11.*

11.0.0.Beta1
11.0.0.Beta2
11.0.0.Beta3
11.0.0.Beta4
11.0.0.Beta5
11.0.0.Beta6
11.0.0.Beta7
11.0.0.Beta8
11.0.0.Beta9
11.0.0.Beta10
11.0.0.Final
11.1.0.Final
11.1.1.Final

12.*

12.0.0.Beta1
12.0.0.Beta2
12.0.0.Beta3
12.0.0.Beta4
12.0.0.Final
12.0.1.Final
12.0.3.Final

13.*

13.0.0.Beta1
13.0.0.Beta2
13.0.0.Beta3
13.0.0.Beta4
13.0.0.Beta5
13.0.0.Beta6
13.0.0.Final
13.0.1.Final
13.0.2.Final
13.0.3.Final

14.*

14.0.0.Beta1
14.0.0.Beta2
14.0.0.Beta3
14.0.0.Beta4
14.0.0.Beta5
14.0.0.Final
14.0.1.Final

15.*

15.0.0.Beta1
15.0.0.Final
15.0.1.Final

16.*

16.0.0.Beta1
16.0.0.Beta2
16.0.0.Beta3
16.0.0.Beta4
16.0.0.Beta5
16.0.0.Final

Maven / org.wildfly.core:wildfly-server

Package

Name
org.wildfly.core:wildfly-server
View open source insights on deps.dev
Purl
pkg:maven/org.wildfly.core/wildfly-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
17.0.0.Beta2
Fixed
17.0.0.Beta3

Affected versions

17.*

17.0.0.Beta2