CVSS: 7.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain.

• https://bugzilla.redhat.com/show_bug.cgi?id=2073401
• https://access.redhat.com/security/cve/CVE-2022-1278
• CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in WildFly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to confidentiality.

• https://access.redhat.com/security/cve/CVE-2021-3503
• https://bugzilla.redhat.com/show_bug.cgi?id=1942693
• https://github.com/advisories/GHSA-c4r5-xvgw-2942
• https://github.com/wildfly/wildfly/pull/14136
• https://issues.redhat.com/browse/WFLY-11933
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is to data confidentiality and integrity.

• https://access.redhat.com/security/cve/CVE-2021-3644
• https://bugzilla.redhat.com/show_bug.cgi?id=1976052
• https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714
• https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b
• https://github.com/wildfly/wildfly-core/pull/4668
• https://issues.redhat.com/browse/WFCORE-5511
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

A flaw was found in WildFly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to a cross-site scripting (XSS) attack. This affects confidentiality and integrity.

• https://bugzilla.redhat.com/show_bug.cgi?id=1948001
• https://access.redhat.com/security/cve/CVE-2021-3536
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

A flaw was found in WildFly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

• https://bugzilla.redhat.com/show_bug.cgi?id=1904060
• https://access.redhat.com/security/cve/CVE-2020-27822
• https://issues.redhat.com/browse/WFLY-14094
• CWE-401: Missing Release of Memory after Effective Lifetime