Bug 1801726 (CVE-2020-1732)
Summary: | CVE-2020-1732 Soteria: security identity corruption across concurrent threads | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | aboyko, aileenc, akoufoud, alazarot, almorale, anstephe, asoldano, atangrin, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dingyichen, dkreling, dosoudil, drieden, etirelli, extras-orphan, fnasser, ggaughan, gvarsami, ibek, iweiss, janstey, jason.greene, jawilson, jbalunas, jboss-set, jcoleman, jochrist, jolee, jpallich, jperkins, jschatte, jstastny, jwon, kconner, krathod, kverlaen, kwills, ldimaggi, lef, lgao, loleary, lthon, mnovotny, msochure, msvehla, mszynkie, nwallace, paradhya, pdrozd, pgallagh, pjindal, pmackay, psampaio, psotirop, puntogil, rfreire, rguimara, rrajasek, rruss, rsvoboda, rsynek, rwagner, sdaley, security-response-team, smaestri, spinder, sthorger, tcunning, theute, tkirby, tom.jenkinson, vhalbert |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | soteria 1.0.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-12 10:32:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1798612 |
Description
Guilherme de Almeida Suckevicz
2020-02-11 14:33:30 UTC
This vulnerability is out of security support scope for the following product: * SOA Platform 5 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details. This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 Via RHSA-2020:2058 https://access.redhat.com/errata/RHSA-2020:2058 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 Via RHSA-2020:2059 https://access.redhat.com/errata/RHSA-2020:2059 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 Via RHSA-2020:2060 https://access.redhat.com/errata/RHSA-2020:2060 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2020:2061 https://access.redhat.com/errata/RHSA-2020:2061 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1732 This issue has been addressed in the following products: EAP-CD 19 Tech Preview Via RHSA-2020:2333 https://access.redhat.com/errata/RHSA-2020:2333 This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2020:2905 https://access.redhat.com/errata/RHSA-2020:2905 |