Lucene search

K
osvGoogleOSV:GHSA-W88M-2936-RMXR
HistoryAug 27, 2022 - 12:00 a.m.

wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault

2022-08-2700:00:45
Google
osv.dev
5

3.3 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

3.2 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:M/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

37.2%

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

3.3 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

3.2 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:M/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

37.2%

Related for OSV:GHSA-W88M-2936-RMXR