Lucene search
RedhatCVELIST:CVE-2021-3644HistoryAug 26, 2022 - 3:25 p.m.
CVE-2021-3644
2022-08-2615:25:40
CWE-200
redhat
www.cve.org
9
wildfly-core
unauthorized access
vault expressions
data confidentiality
integrity
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.
CNA Affected
[
{
"product": "wildfly-core",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 16.0.1.Final, 17.0.0.Final and later."
}
]
}
]References
access.redhat.com/security/cve/CVE-2021-3644
bugzilla.redhat.com/show_bug.cgi?id=1976052
github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714
github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b
github.com/wildfly/wildfly-core/pull/4668
issues.redhat.com/browse/WFCORE-5511
Related
redhatcve
redhatcve
CVE-2021-3644
2021-07-15 01:51:57
prion
prion
Design/Logic Flaw
2022-08-26 16:15:00
osv
osv
BIT-wildfly-2021-3644
2024-03-06 11:08:38
CVE-2021-3644
2022-08-26 16:15:09
github
github
cve
cve
CVE-2021-3644
2022-08-26 16:15:09
nvd
nvd
CVE-2021-3644
2022-08-26 16:15:09
redhat
redhat
