Back to bug 1830206
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ted Jongseok Won | 2020-05-01 05:29:50 UTC | CC | security-response-team | |
| Ted Jongseok Won | 2020-05-01 05:34:32 UTC | Doc Type | --- | If docs needed, set a value |
| Eric Christensen | 2020-05-11 19:49:30 UTC | Doc Text | A flaw was found in WildFly Elytron. Session fixation exploit where WildFly Elytron is in use has identified a possible variation to make use of a session fixation exploit when using Undertow despite Undertow switching the session ID AFTER authentication. | A flaw was found in WildFly Elytron. A variation to the the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. |
| Martin Prpič | 2021-03-26 18:11:21 UTC | Doc Text | A flaw was found in WildFly Elytron. A variation to the the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. | A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. |
| Ted Jongseok Won | 2021-10-28 09:54:43 UTC | Summary | EMBARGOED undertow: session fixation variation when using FORM authentication | EMBARGOED wildfly-elytron: session fixation variation when using Undertow FORM authentication |
| Ted Jongseok Won | 2021-10-28 10:02:47 UTC | CC | eleandro, fjuma, jpallich, yborgess | |
| Ted Jongseok Won | 2021-10-28 11:11:57 UTC | Summary | EMBARGOED wildfly-elytron: session fixation variation when using Undertow FORM authentication | wildfly-elytron: session fixation variation when using Undertow FORM authentication |
| Group | security, qe_staff | |||
| Ted Jongseok Won | 2021-10-28 11:21:10 UTC | CC | aileenc, akoufoud, alazarot, almorale, anstephe, drieden, etirelli, ggaughan, gmalinko, ibek, janstey, jrokos, jstastny, kverlaen, mnovotny, pdelbell, rrajasek, tzimanyi | |
| Pedro Sampaio | 2021-10-28 15:05:19 UTC | Blocks | 2018242 | |
| Guilherme de Almeida Suckevicz | 2021-10-28 20:46:20 UTC | Summary | wildfly-elytron: session fixation variation when using Undertow FORM authentication | CVE-2021-20324 wildfly-elytron: session fixation variation when using Undertow FORM authentication |
| Alias | CVE-2021-20324 | |||
| Ted Jongseok Won | 2021-11-08 23:42:02 UTC | CC | boliveir, pdrozd, sthorger | |
| Red Hat Bugzilla | 2021-12-31 23:34:19 UTC | CC | almorale | |
| Red Hat Bugzilla | 2022-04-19 04:39:05 UTC | CC | ggaughan | |
| Red Hat Bugzilla | 2022-07-31 22:42:22 UTC | CC | tzimanyi | |
| Red Hat Bugzilla | 2022-08-12 04:38:15 UTC | CC | etirelli | |
| Red Hat Bugzilla | 2022-10-28 13:13:09 UTC | CC | krathod | |
| Red Hat Bugzilla | 2022-11-14 23:22:52 UTC | CC | jstastny | |
| Red Hat Bugzilla | 2022-12-31 23:43:21 UTC | CC | aboyko | |
| Pedro Sampaio | 2023-03-22 17:59:31 UTC | Summary | CVE-2021-20324 wildfly-elytron: session fixation variation when using Undertow FORM authentication | wildfly-elytron: session fixation variation when using Undertow FORM authentication |
| Alias | CVE-2021-20324 | |||
| Red Hat Bugzilla | 2023-05-15 18:03:57 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:09:27 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-05-15 19:53:01 UTC | CC | atangrin | |
| Red Hat Bugzilla | 2023-07-07 08:33:51 UTC | Assignee | security-response-team | nobody |
| CC | security-response-team |