← Back

CVE-2020-1732

nvd nist
Published: May 4, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.2
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.6 / Impact: 2.5
Source: NVD

Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Affected (4)

Redhat
4 products
Soteria
Jboss Enterprise Application Platform
Jboss Enterprise Application Platform Continuous Delivery
Openshift Application Runtimes
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Soteria
Before 1.0.1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Jboss Enterprise Application Platform
Version 7.0.0
Jboss Enterprise Application Platform Continuous Delivery
All versions
Openshift Application Runtimes
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.