First published: Wed Aug 02 2023
A flaw was found in wildfly-core. A management user could use resolve-expression in the HAL interface to read potentially sensitive information from the WildFly system. This issue could allow a malicious user to access the system and obtain potentially sensitive information from it.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.wildfly.core:wildfly-controller | <22.0.0.Final | 22.0.0.Final |
Redhat Jboss Enterprise Application Platform | | |
Redhat Wildfly Core | <15.0.30 | |
Redhat Jboss Enterprise Application Platform | =7.4 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
redhat/wildfly-core | <15.0.30. | 15.0.30. |
All of | | |
Redhat Jboss Enterprise Application Platform | =7.4 | |
Any of | | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
The vulnerability ID for this security flaw is CVE-2023-4061.
The severity of CVE-2023-4061 is medium (6.5).
The following software is affected by CVE-2023-4061: wildfly-core (version up to 22.0.0.Final), Redhat Wildfly Core (up to version 15.0.30), Redhat JBoss Enterprise Application Platform (version 7.4), Redhat Jboss Enterprise Application Platform (text-only), Redhat Enterprise Linux 7.0, Redhat Enterprise Linux 8.0, Redhat Enterprise Linux 9.0.
A management user with RBAC permission can use resolve-expression in the HAL interface to read potentially sensitive information from the WildFly system.
The impact of CVE-2023-4061 is that a malicious user could access the system and obtain potentially sensitive information from it.