Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

CVSS 1 Total

Learn more
ScoreSeverityVersionVector String
6.5MEDIUM3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Product Status

Learn more

Versions 2 Total

Default Status: unaffected

affected

  • affected from before 27.0.1.Final 
  • affected from 28.0.0.Beta1 before 28.0.0.Beta2 

Versions 0 Total

Default Status: All versions are unaffected

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:4.1.119-1.Final_redhat_00004.1.el8eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:4.1.119-1.Final_redhat_00004.1.el8eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:7.4.21-3.GA_29548_redhat_00001.1.el8eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:4.1.119-1.Final_redhat_00004.1.el9eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:4.1.119-1.Final_redhat_00004.1.el9eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:7.4.21-3.GA_29548_redhat_00001.1.el9eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:4.1.119-1.Final_redhat_00004.1.el7eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:4.1.119-1.Final_redhat_00004.1.el7eap 

Versions 1 Total

Default Status: affected

unaffected

  • unaffected from 0:7.4.21-3.GA_29548_redhat_00001.1.el7eap 

Versions 0 Total

Default Status: All versions are affected

Versions 0 Total

Default Status: All versions are affected

Versions 0 Total

Default Status: All versions are unknown

Versions 0 Total

Default Status: All versions are unknown

Versions 0 Total

Default Status: All versions are affected

Versions 0 Total

Default Status: All versions are unaffected

Versions 0 Total

Default Status: All versions are unknown

Versions 0 Total

Default Status: All versions are unknown

Credits

  • Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue.

Authorized Data Publishers

Learn more