Information Disclosure
org.wildfly.core:wildfly-controller is vulnerable to Information Disclosure. The vulnerability is caused by a missing authorization check in the resolve-expression HAL interface when reading a system property or environment variables. This can lead to a malicious user accessing the WildFly syst...
com.bertoncelj.wildflysingletonservice:wildfly-singleton-service (=1.0.1), com.puresoltechnologies.purifinity.server:systemmonitor.test (>=0.4.0 <=0.4.1) +201 more potentially affected by CVE-2023-4061 via org.wildfly.core:wildfly-controller (>=1.0.0.Alpha1 <=22.0.0.Beta3)
org.wildfly.core:wildfly-controller MAVEN version =1.0.0.Alpha1, =0.4.0, =0.4.0, =0.4.0, =1.2.0, =0.1.0, =0.1.0, =0.12.0.Final, =0.1.0, =1.0.0.Alpha7, =0.1.0, =1.0.0.Alpha7, =1.2.0.Beta1, =1.2.0.Beta3 and more Source cves: CVE-2023-4061 Source advisory: OSV:GHSA-26QX-4M49-6CFR...
Authorization Bypass
wildfly-controller is vulnerable to authorization bypass. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possib...