A flaw was found in Soteria before 1.0.1. When EE Security is used with WildFly Elytron, multiple requests occurring concurrently can cause security identity corruption across concurrent threads, which can lead to a request being handled using the identity from another request.
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 | Issue Tracking, Patch, Vendor Advisory |
| https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | Patch, Third Party Advisory |
History
No history.
Information
Published : 2020-05-04 17:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-1732
Mitre link : CVE-2020-1732
CVE.ORG link : CVE-2020-1732
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_enterprise_application_platform_continuous_delivery
- soteria
- openshift_application_runtimes