CVE-2023-4061
Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
Se encontró una falla en wildfly-core. Un usuario de administración podría usar la expresión de resolución en la interfaz HAL para leer posible información confidencial del sistema Wildfly. Este problema podría permitir que un usuario malintencionado acceda al sistema y obtenga posible información confidencial del sistema.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-08-01 CVE Reserved
- 2023-10-06 CVE Published
- 2024-11-22 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:5484 | 2023-11-16 | |
| https://access.redhat.com/errata/RHSA-2023:5485 | 2023-11-16 | |
| https://access.redhat.com/errata/RHSA-2023:5486 | 2023-11-16 | |
| https://access.redhat.com/errata/RHSA-2023:5488 | 2023-11-16 | |
| https://access.redhat.com/security/cve/CVE-2023-4061 | 2023-10-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2228608 | 2023-10-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | - | text-only |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Wildfly Core Search vendor "Redhat" for product "Wildfly Core" | < 15.0.30 Search vendor "Redhat" for product "Wildfly Core" and version " < 15.0.30" | - |
Affected
| ||||||