Vulnerability Description
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Soteria | < 1.0.1 |
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
| Redhat | Jboss Enterprise Application Platform Continuous Delivery | - |
| Redhat | Openshift Application Runtimes | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732Issue TrackingPatchVendor Advisory
- https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5ePatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732Issue TrackingPatchVendor Advisory
- https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5ePatchThird Party Advisory
FAQ
What is CVE-2020-1732?
CVE-2020-1732 is a vulnerability with a CVSS score of 4.2 (MEDIUM). A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elyt...
How severe is CVE-2020-1732?
CVE-2020-1732 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1732?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Soteria, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Application Platform Continuous Delivery, Redhat Openshift Application Runtimes.