CVE-2020-1748 Information

Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001 where the WildFlySecurityManager checks were bypassed when using custom security managers resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1807707 https://security.netapp.com/advisory/ntap-20201001-0005/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5