N/A

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.

N/A

信息暴露

Red Hat Wildfly 访问控制错误漏洞

Red Hat Wildfly是美国红帽（Red Hat）公司的一款基于JavaEE的轻量级开源应用服务器。 WildFly Core 存在访问控制错误漏洞，该漏洞源于对保管库表达式的访问限制不当。如果 Vault 表达式采用包含多个表达式的单个属性的形式，则具有管理界面访问权限的远程用户可以访问受限制的 Vault 并检索存储在 Vault 中的项目。以下产品和版本受到影响：Wildfly Core: 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.

N/A

N/A