GHSA-7fhr-2694-rg79

Source

https://github.com/advisories/GHSA-7fhr-2694-rg79

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-7fhr-2694-rg79/GHSA-7fhr-2694-rg79.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7fhr-2694-rg79

Aliases

CVE-2020-10714

Published

2022-02-15T01:39:57Z

Modified

2024-02-22T05:33:15.390908Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Session Fixation in WildFly Elytron

Details

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Maven / org.wildfly.security:wildfly-elytron

Package

Name: org.wildfly.security:wildfly-elytron; View open source insights on deps.dev
Purl: pkg:maven/org.wildfly.security/wildfly-elytron

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.4

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.CR1

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.0.4.Final

1.1.0.Alpha1

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.Beta9

1.1.0.Beta10

1.1.0.Beta11

1.1.0.Beta12

1.1.0.Beta13

1.1.0.Beta14

1.1.0.Beta15

1.1.0.Beta16

1.1.0.Beta17

1.1.0.Beta18

1.1.0.Beta19

1.1.0.Beta20

1.1.0.Beta21

1.1.0.Beta22

1.1.0.Beta23

1.1.0.Beta24

1.1.0.Beta25

1.1.0.Beta26

1.1.0.Beta27

1.1.0.Beta28

1.1.0.Beta29

1.1.0.Beta30

1.1.0.Beta31

1.1.0.Beta31-SP1

1.1.0.Beta32

1.1.0.Beta33

1.1.0.Beta34

1.1.0.Beta35

1.1.0.Beta36

1.1.0.Beta37

1.1.0.Beta38

1.1.0.Beta39

1.1.0.Beta40

1.1.0.Beta41

1.1.0.Beta42

1.1.0.Beta43

1.1.0.Beta44

1.1.0.Beta45

1.1.0.Beta46

1.1.0.Beta47

1.1.0.Beta48

1.1.0.Beta49

1.1.0.Beta50

1.1.0.Beta51

1.1.0.Beta52

1.1.0.Beta53

1.1.0.Beta54

1.1.0.Beta55

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.Final

1.1.1.Final

1.1.2.CR1

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.9.Final

1.1.10.Final

1.1.11.Final

1.1.12.Final

1.2.0.Beta1

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Beta10

1.2.0.Beta11

1.2.0.Beta12

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.4.0.Final

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.5.3.Final

1.5.4.Final

1.5.5.Final

1.6.0.Final

1.6.1.Final

1.6.2.Final

1.6.3.Final

1.6.4.Final

1.6.5.Final

1.6.6.Final

1.6.7.Final

1.6.8.Final

1.7.0.CR1

1.7.0.CR2

1.7.0.CR3

1.7.0.Final

1.8.0.CR1

1.8.0.CR2

1.8.0.Final

1.9.0.CR1

1.9.0.CR2

1.9.0.CR3

1.9.0.CR4

1.9.0.CR5

1.9.0.Final

1.9.1.Final

1.10.0.CR1

1.10.0.CR2

1.10.0.CR3

1.10.0.CR4

1.10.0.CR5

1.10.0.CR6

1.10.0.Final

1.10.1.Final

1.10.2.Final

1.10.3.Final

1.10.4.Final

1.10.5.Final

1.10.6.Final

1.10.7.Final

1.10.8.Final

1.10.9.Final

1.10.10.Final

1.10.11.Final

1.10.12.Final

1.10.13.Final

1.10.14.Final

1.10.15.Final

1.11.0.CR1

1.11.0.CR2

1.11.0.CR3

1.11.0.CR4

1.11.0.CR5

1.11.0.Final

1.11.1.Final

1.11.2.Final

1.11.3.Final

Database specific

{
    "last_known_affected_version_range": "<= 1.11.3"
}