Main Vulnerability Database SB2021071901

SB2021071901 - Security restrictins bypass in WildFly Core

Published: July 19, 2021

Security Bulletin ID SB2021071901

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2021-3644)

The vulnerability allows a remote user to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions to vault expressions. A remote user with access to management interface can can access restricted vault and retrieve items stored in the vault, if a vault expression is in the form of a single attribute that contains multiple expressions.

Remediation

Install update from vendor's website.

References

https://github.com/wildfly/wildfly-core/releases/tag/16.0.1.Final
https://bugzilla.redhat.com/show_bug.cgi?id=1976052