A flaw was found in Soteria before 1.0.1. When EE Security is used with WildFly Elytron, multiple requests occurring concurrently can cause security identity corruption across concurrent threads, which can lead to a request being handled using the identity from another request.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 | Issue Tracking, Patch, Vendor Advisory |
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | Patch, Third Party Advisory |
History
21 Nov 2024, 05:11
Type | Values Removed | Values Added |
---|---|---|
References | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 - Issue Tracking, Patch, Vendor Advisory | |
References | https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 - Patch, Third Party Advisory |
Information
Published : 2020-05-04 17:15
Updated : 2024-11-21 05:11
NVD link : CVE-2020-1732
Mitre link : CVE-2020-1732
CVE.ORG link : CVE-2020-1732
Products Affected
redhat
- jboss_enterprise_application_platform
- soteria
- jboss_enterprise_application_platform_continuous_delivery
- openshift_application_runtimes