Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1732

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Published

2020-05-04T17:15:12.357

Last Modified

2024-11-21T05:11:15.877

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	soteria	< 1.0.1	Yes
Application	redhat	jboss_enterprise_application_platform	7.0.0	Yes
Application	redhat	jboss_enterprise_application_platform_continuous_delivery	-	Yes
Application	redhat	openshift_application_runtimes	-	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 Patch, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)