CVE-2020-1732

Current Description

A flaw was found in Soteria before 1.0.1. When EE Security is used with WildFly Elytron, multiple requests occurring concurrently can cause security identity corruption across concurrent threads. As a result, a request may be handled using the identity from another request.

Basic Data

Published: May 04, 2020
Last Modified: May 08, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.9
Severity: MEDIUM
Exploitability Score: 6.8
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Soteria | * | * | * | * | * | * | * | * | | | | 1.0.1
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Jboss Enterprise Application Platform | 7.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Jboss Enterprise Application Platform Continuous Delivery | - | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Openshift Application Runtimes | - | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Redhat | Jboss Enterprise Application Platform | 7.0.0
Redhat | Soteria | *
Redhat | Openshift Application Runtimes | -
Redhat | Jboss Enterprise Application Platform Continuous Delivery | -

References

Name | Source | URL | Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 | Issue Tracking, Patch, Vendor Advisory
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | CONFIRM | https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | Patch, Third Party Advisory