CVE-2021-3717

Files or Directories Accessible to External Parties in maven/org.wildfly.core/wildfly-core-parent

Identifiers

GHSA-p9xf-3rm3-qh2h, CVE-2021-3717

Package Slug

maven/org.wildfly.core/wildfly-core-parent

Vulnerability

Files or Directories Accessible to External Parties

Description

A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

Affected Versions

All versions before 17.0

Solution

Upgrade to version 17.0 or above.

Last Modified

2022-06-17

source