Vulnerabilities > CVE-2020-1748 - Unspecified vulnerability in Redhat Wildfly Elytron

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2020-09-16

Updated: 2022-04-28

Summary

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Wildfly Elytron - Redhat Wildfly Elytron 1.0.0 Redhat Wildfly Elytron 1.0.1 Redhat Wildfly Elytron 1.0.2 Redhat Wildfly Elytron 1.0.3 Redhat Wildfly Elytron 1.0.4 Redhat Wildfly Elytron 1.0.5 Redhat Wildfly Elytron 1.0.6 Redhat Wildfly Elytron 1.0.7 Redhat Wildfly Elytron 1.0.8 Redhat Wildfly Elytron 1.0.9 Redhat Wildfly Elytron 1.1.0 Redhat Wildfly Elytron 1.1.1 Redhat Wildfly Elytron 1.1.2 Redhat Wildfly Elytron 1.1.3 Redhat Wildfly Elytron 1.1.4 Redhat Wildfly Elytron 1.1.5 Redhat Wildfly Elytron 1.1.6 Redhat Wildfly Elytron 1.1.7 Redhat Wildfly Elytron 1.1.8 Redhat Wildfly Elytron 1.1.9 Redhat Wildfly Elytron 1.1.10 Redhat Wildfly Elytron 1.1.11 Redhat Wildfly Elytron 1.1.12 Redhat Wildfly Elytron 1.2.0 Redhat Wildfly Elytron 1.2.1 Redhat Wildfly Elytron 1.2.2 Redhat Wildfly Elytron 1.2.3 Redhat Wildfly Elytron 1.2.4 Redhat Wildfly Elytron 1.3.0 Redhat Wildfly Elytron 1.3.1 Redhat Wildfly Elytron 1.3.2 Redhat Wildfly Elytron 1.3.3 Redhat Wildfly Elytron 1.4.0 Redhat Wildfly Elytron 1.4.1 Redhat Wildfly Elytron 1.5.0 Redhat Wildfly Elytron 1.5.1 Redhat Wildfly Elytron 1.5.2 Redhat Wildfly Elytron 1.5.3 Redhat Wildfly Elytron 1.5.4 Redhat Wildfly Elytron 1.5.5 Redhat Wildfly Elytron 1.6.0 Redhat Wildfly Elytron 1.6.1 Redhat Wildfly Elytron 1.6.2 Redhat Wildfly Elytron 1.6.3 Redhat Wildfly Elytron 1.6.4 Redhat Wildfly Elytron 1.6.5 Redhat Wildfly Elytron 1.6.6 Redhat Wildfly Elytron 1.6.7 Redhat Wildfly Elytron 1.6.8 Redhat Decision Manager 7.0 Redhat Process Automation 7.0	151

Summary

Vulnerable Configurations

References