First published: Fri Apr 09 2021
A flaw was found in WildFly in versions before 23.0.2.Final: when creating a new role in domain mode via the admin console, it is possible to put a payload in the role's name field, leading to XSS. This affects Confidentiality and Integrity.
Credit: secalert@redhat.com
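The defect class in this advisory is a stored value entered by an administrator (the role name) that later reaches the console's HTML without encoding. The following is an added illustration, not code from WildFly or the HAL console: the function names, the row template, the role-name policy and the sample role are all constructed here for the example.

```javascript
// Added illustration of the bug class in this advisory: a role name entered by an
// administrator is stored and later rendered by a management console. Functions,
// template, policy and sample data are constructed for this example; none of it is
// WildFly or HAL console code.

// Encode the five characters that change meaning in HTML text and attribute contexts.
// '&' must be replaced first so already-encoded output is not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored role name is spliced straight into markup, so any
// markup inside the name becomes part of the page for every user who views the list.
function renderRoleRowUnsafe(role) {
  return `<tr><td>${role.name}</td><td>${role.description}</td></tr>`;
}

// Hardened pattern: every dynamic value is encoded for the context it lands in
// (here, HTML text content), so the name is displayed verbatim but stays inert.
function renderRoleRowSafe(role) {
  return `<tr><td>${escapeHtml(role.name)}</td><td>${escapeHtml(role.description)}</td></tr>`;
}

// Defence in depth for a persisted value: validate the name at creation time so the
// management model never stores markup at all. The character set is a constructed
// policy for this example, not WildFly's actual role-name rules.
const ROLE_NAME = /^[A-Za-z0-9_.-]{1,64}$/;
function isValidRoleName(name) {
  return ROLE_NAME.test(String(name));
}

// Constructed sample: a role whose name carries a benign HTML tag.
const sampleRole = { name: "Ops<b>Team</b>", description: "constructed sample" };

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderRoleRowUnsafe(sampleRole)); // the <b> tag survives into the page
  console.log(renderRoleRowSafe(sampleRole));   // the tag is rendered as literal text
  console.log(isValidRoleName(sampleRole.name)); // false: rejected before it is stored
}
```

The two renderers take the same input; only the safe one is acceptable for anything an administrator can type, and the validation step keeps the stored configuration free of markup even if some other consumer of the model forgets to encode.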
| Affected Software | Affected Version | How to fix |
|---|---|---|
redhat/Wildfly | <23.0.2. | 23.0.2. |
redhat/eap7-elytron-web | <0:1.6.3-1.Final_redhat_00001.1.el6ea | 0:1.6.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hal-console | <0:3.2.15-1.Final_redhat_00001.1.el6ea | 0:3.2.15-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.20-3.SP1_redhat_00001.1.el6ea | 0:5.3.20-3.SP1_redhat_00001.1.el6ea |
redhat/eap7-infinispan | <0:9.4.23-1.Final_redhat_00001.1.el6ea | 0:9.4.23-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar | <0:1.4.33-1.Final_redhat_00001.1.el6ea | 0:1.4.33-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jberet | <0:1.3.8-1.Final_redhat_00001.1.el6ea | 0:1.3.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.23-1.Final_redhat_00001.1.el6ea | 0:5.0.23-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-7.Final_redhat_00008.1.el6ea | 0:1.7.2-7.Final_redhat_00008.1.el6ea |
redhat/eap7-netty | <0:4.1.63-1.Final_redhat_00001.1.el6ea | 0:4.1.63-1.Final_redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.38-1.SP1_redhat_00001.1.el6ea | 0:2.0.38-1.SP1_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.3.8-1.GA_redhat_00001.1.el6ea | 0:7.3.8-1.GA_redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.10.13-1.Final_redhat_00001.1.el6ea | 0:1.10.13-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.28-1.Final_redhat_00001.1.el6ea | 0:1.0.28-1.Final_redhat_00001.1.el6ea |
redhat/eap7-elytron-web | <0:1.6.3-1.Final_redhat_00001.1.el7ea | 0:1.6.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hal-console | <0:3.2.15-1.Final_redhat_00001.1.el7ea | 0:3.2.15-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.20-3.SP1_redhat_00001.1.el7ea | 0:5.3.20-3.SP1_redhat_00001.1.el7ea |
redhat/eap7-infinispan | <0:9.4.23-1.Final_redhat_00001.1.el7ea | 0:9.4.23-1.Final_redhat_00001.1.el7ea |
redhat/eap7-ironjacamar | <0:1.4.33-1.Final_redhat_00001.1.el7ea | 0:1.4.33-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jberet | <0:1.3.8-1.Final_redhat_00001.1.el7ea | 0:1.3.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.23-1.Final_redhat_00001.1.el7ea | 0:5.0.23-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-7.Final_redhat_00008.1.el7ea | 0:1.7.2-7.Final_redhat_00008.1.el7ea |
redhat/eap7-netty | <0:4.1.63-1.Final_redhat_00001.1.el7ea | 0:4.1.63-1.Final_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.38-1.SP1_redhat_00001.1.el7ea | 0:2.0.38-1.SP1_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.3.8-1.GA_redhat_00001.1.el7ea | 0:7.3.8-1.GA_redhat_00001.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.10.13-1.Final_redhat_00001.1.el7ea | 0:1.10.13-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.28-1.Final_redhat_00001.1.el7ea | 0:1.0.28-1.Final_redhat_00001.1.el7ea |
redhat/eap7-elytron-web | <0:1.6.3-1.Final_redhat_00001.1.el8ea | 0:1.6.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.2.15-1.Final_redhat_00001.1.el8ea | 0:3.2.15-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.20-3.SP1_redhat_00001.1.el8ea | 0:5.3.20-3.SP1_redhat_00001.1.el8ea |
redhat/eap7-infinispan | <0:9.4.23-1.Final_redhat_00001.1.el8ea | 0:9.4.23-1.Final_redhat_00001.1.el8ea |
redhat/eap7-ironjacamar | <0:1.4.33-1.Final_redhat_00001.1.el8ea | 0:1.4.33-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jberet | <0:1.3.8-1.Final_redhat_00001.1.el8ea | 0:1.3.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.23-1.Final_redhat_00001.1.el8ea | 0:5.0.23-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-7.Final_redhat_00008.1.el8ea | 0:1.7.2-7.Final_redhat_00008.1.el8ea |
redhat/eap7-netty | <0:4.1.63-1.Final_redhat_00001.1.el8ea | 0:4.1.63-1.Final_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.38-1.SP1_redhat_00001.1.el8ea | 0:2.0.38-1.SP1_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.3.8-1.GA_redhat_00001.1.el8ea | 0:7.3.8-1.GA_redhat_00001.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.10.13-1.Final_redhat_00001.1.el8ea | 0:1.10.13-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.28-1.Final_redhat_00001.1.el8ea | 0:1.0.28-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.4.1-2.GA_redhat_00003.1.el8ea | 0:7.4.1-2.GA_redhat_00003.1.el8ea |
redhat/eap7-wildfly | <0:7.4.1-2.GA_redhat_00003.1.el7ea | 0:7.4.1-2.GA_redhat_00003.1.el7ea |
Redhat Build Of Quarkus | | |
Redhat Data Grid | =8.0 | |
Redhat Decision Manager | =7.0 | |
Redhat Integration Camel K | | |
Redhat Integration Camel Quarkus | | |
Redhat Integration Service Registry | | |
Redhat Jboss A-mq | =7 | |
Redhat Jboss Enterprise Application Platform | =7.0 | |
Redhat Wildfly | <23.0.2 | |