CVE-2020-1732

EPSS 0.13%
Published 04.05.2020 17:15:12
Last modified 21.11.2024 05:11:15
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Soteria Version < 1.0.1

Redhat ≫ Jboss Enterprise Application Platform Version7.0.0

Redhat ≫ Jboss Enterprise Application Platform Continuous Delivery Version-

Redhat ≫ Openshift Application Runtimes Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.295

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
secalert@redhat.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732

Patch

Vendor Advisory

Issue Tracking

https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1732

EUVD