Access Restriction Bypass

Affecting org.wildfly.core:wildfly-controller artifact, versions [0,]

Overview

org.wildfly.core:wildfly-controller is the core runtime that is used by the WildFly application server.

Affected versions of this package are vulnerable to Access Restriction Bypass. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault.

Remediation

There is no fixed version for org.wildfly.core:wildfly-controller.
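
With no fixed version to upgrade to, one way to review exposure is to list the configuration values that match the pattern the overview describes: a single attribute holding a vault expression together with other expressions. The script below is an added example, not code from this advisory or from the WildFly project; it assumes the `${VAULT::block::attribute::shared-key}` vault expression syntax, and the function names and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches one ${...} expression; nested expressions are not handled.
EXPR = re.compile(r"\$\{([^${}]*)\}")

# Constructed sample, not a real server configuration.
SAMPLE_CONFIG = """\
<server>
  <datasource jndi-name="java:/AppDS">
    <connection-url>jdbc:postgresql://${db.host:localhost}/app</connection-url>
    <security user-name="app" password="${VAULT::ds::password::1}"/>
  </datasource>
  <mail-session name="default">
    <smtp-server username="${mail.user}${VAULT::mail::suffix::1}"/>
    <custom-server name="relay" password="${VAULT::a::p::1}:${VAULT::b::p::1}"/>
  </mail-session>
</server>
"""

def classify(value):
    """Return (all expressions, vault expressions) found in one value."""
    exprs = EXPR.findall(value or "")
    vault = [e for e in exprs if e.startswith("VAULT::")]
    return exprs, vault

def find_mixed_vault_values(xml_text):
    """List values holding a vault expression plus at least one other expression."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.split("}")[-1]  # drop the XML namespace if present
        candidates = [(f"{tag}/@{k}", v) for k, v in elem.attrib.items()]
        candidates.append((f"{tag}/text()", (elem.text or "").strip()))
        for location, value in candidates:
            exprs, vault = classify(value)
            # A lone vault expression is the ordinary case and is not reported.
            if vault and len(exprs) > 1:
                findings.append((location, len(exprs), len(vault)))
    return findings

if __name__ == "__main__":
    for location, total, vault in find_mixed_vault_values(SAMPLE_CONFIG):
        print(f"{location}: {total} expressions, {vault} vault")
```

Each finding is a candidate for manual review, for example to check whether the value can be restructured so the vault expression stands alone in its attribute.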

CVSS Score

3.3 (low severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

Credit: Unknown
CVE: CVE-2021-3644
CWE: CWE-284
Snyk ID: SNYK-JAVA-ORGWILDFLYCORE-1318892
Disclosed: 14 Jul, 2021
Published: 15 Jul, 2021