Vulnerability Name: | CVE-2020-1732 (CCN-181358) | ||||||||||||
Assigned: | 2019-11-27 | ||||||||||||
Published: | 2020-05-04 | ||||||||||||
Updated: | 2020-05-08 | ||||||||||||
Summary: | A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. | ||||||||||||
CVSS v3 Severity: | 4.2 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) 3.7 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-1732 Source: CCN Type: Red Hat Bugzilla Bug 1801726 (CVE-2020-1732) - CVE-2020-1732 Soteria: security identity corruption across concurrent threads Source: CONFIRM Type: Issue Tracking, Patch, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 Source: XF Type: UNKNOWN wildfly-cve20201732-sec-bypass(181358) Source: CCN Type: Soteria GIT Repository Merge pull request #1 from darranl/CVE-2020-1732 Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||||||
BACK |