Back to search
CVE-2021-3644
Published: Aug 26, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.
| Vendor | Product | Versions |
|---|---|---|
n/a | wildfly-core | affected Fixed in 16.0.1.Final, 17.0.0.Final and later. |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1976052
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3644
x_refsource_MISC
https://issues.redhat.com/browse/WFCORE-5511
x_refsource_MISC
https://github.com/wildfly/wildfly-core/pull/4668
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now