CVE-2020-1732

EPSS 0.13%
Veröffentlicht 04.05.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 05:11:15
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Soteria Version < 1.0.1

Redhat ≫ Jboss Enterprise Application Platform Version7.0.0

Redhat ≫ Jboss Enterprise Application Platform Continuous Delivery Version-

Redhat ≫ Openshift Application Runtimes Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.295

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
secalert@redhat.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732

Patch

Vendor Advisory

Issue Tracking

https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1732

EUVD