CVE-2020-1732

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:soteria:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:11

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 - Issue Tracking, Patch, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 - Issue Tracking, Patch, Vendor Advisory
References () https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 - Patch, Third Party Advisory () https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 - Patch, Third Party Advisory

Information

Published : 2020-05-04 17:15

Updated : 2024-11-21 05:11


NVD link : CVE-2020-1732

Mitre link : CVE-2020-1732

CVE.ORG link : CVE-2020-1732


JSON object : View

Products Affected

redhat

  • jboss_enterprise_application_platform
  • soteria
  • jboss_enterprise_application_platform_continuous_delivery
  • openshift_application_runtimes
CWE
CWE-284

Improper Access Control

CWE-20

Improper Input Validation