Bug 1807707 (CVE-2020-1748) - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
Summary: CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1748
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1807708
TreeView+ depends on / blocked
 
Reported: 2020-02-27 01:56 UTC by Pedro Sampaio
Modified: 2020-12-15 16:04 UTC (History)
81 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-08-17 15:15:47 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3461 0 None None None 2020-08-17 13:28:23 UTC
Red Hat Product Errata RHSA-2020:3462 0 None None None 2020-08-17 13:30:35 UTC
Red Hat Product Errata RHSA-2020:3463 0 None None None 2020-08-17 13:34:04 UTC
Red Hat Product Errata RHSA-2020:3464 0 None None None 2020-08-17 13:26:05 UTC
Red Hat Product Errata RHSA-2020:3501 0 None None None 2020-08-18 16:35:12 UTC
Red Hat Product Errata RHSA-2020:3539 0 None None None 2020-09-02 09:47:46 UTC
Red Hat Product Errata RHSA-2020:3637 0 None None None 2020-09-07 12:56:20 UTC
Red Hat Product Errata RHSA-2020:3638 0 None None None 2020-09-07 13:02:26 UTC
Red Hat Product Errata RHSA-2020:3639 0 None None None 2020-09-07 12:59:18 UTC
Red Hat Product Errata RHSA-2020:3642 0 None None None 2020-09-07 13:06:43 UTC
Red Hat Product Errata RHSA-2020:3779 0 None None None 2020-09-17 13:08:37 UTC
Red Hat Product Errata RHSA-2020:4960 0 None None None 2020-11-05 18:47:34 UTC
Red Hat Product Errata RHSA-2020:4961 0 None None None 2020-11-05 18:49:01 UTC

Description Pedro Sampaio 2020-02-27 01:56:37 UTC 
A flaw was found in Wildfly. At certain scenarios WildFlySecurityManager checks can by bypassed when using custom security managers.

References:

https://issues.redhat.com/browse/EAPSUP-67
Comment 8 Kunjan Rathod 2020-04-28 06:42:30 UTC 
This vulnerability is out of security support scope for the following products:
 * Red Hat Enterprise Application Platform 6
 * Red Hat Enterprise Application Platform 5
 * Red Hat JBoss Operations Network 3
 * Red Hat JBoss Data Virtualization & Services 6
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss SOA Platform 5

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Comment 11 errata-xmlrpc 2020-08-17 13:26:00 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:3464 https://access.redhat.com/errata/RHSA-2020:3464
Comment 12 errata-xmlrpc 2020-08-17 13:28:18 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6

Via RHSA-2020:3461 https://access.redhat.com/errata/RHSA-2020:3461
Comment 13 errata-xmlrpc 2020-08-17 13:30:31 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7

Via RHSA-2020:3462 https://access.redhat.com/errata/RHSA-2020:3462
Comment 14 errata-xmlrpc 2020-08-17 13:33:59 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8

Via RHSA-2020:3463 https://access.redhat.com/errata/RHSA-2020:3463
Comment 15 Product Security DevOps Team 2020-08-17 15:15:47 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1748
Comment 16 errata-xmlrpc 2020-08-18 16:35:06 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.4.2

Via RHSA-2020:3501 https://access.redhat.com/errata/RHSA-2020:3501
Comment 17 errata-xmlrpc 2020-09-02 09:47:40 UTC 
This issue has been addressed in the following products:

  Red Hat Openshift Application Runtimes

Via RHSA-2020:3539 https://access.redhat.com/errata/RHSA-2020:3539
Comment 18 errata-xmlrpc 2020-09-07 12:56:14 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6

Via RHSA-2020:3637 https://access.redhat.com/errata/RHSA-2020:3637
Comment 19 errata-xmlrpc 2020-09-07 12:59:11 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8

Via RHSA-2020:3639 https://access.redhat.com/errata/RHSA-2020:3639
Comment 20 errata-xmlrpc 2020-09-07 13:02:19 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7

Via RHSA-2020:3638 https://access.redhat.com/errata/RHSA-2020:3638
Comment 21 errata-xmlrpc 2020-09-07 13:06:36 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:3642 https://access.redhat.com/errata/RHSA-2020:3642
Comment 23 errata-xmlrpc 2020-09-17 13:08:33 UTC 
This issue has been addressed in the following products:

  Red Hat Data Grid 7.3.7

Via RHSA-2020:3779 https://access.redhat.com/errata/RHSA-2020:3779
Comment 26 errata-xmlrpc 2020-11-05 18:47:31 UTC 
This issue has been addressed in the following products:

  RHDM 7.9.0

Via RHSA-2020:4960 https://access.redhat.com/errata/RHSA-2020:4960
Comment 27 errata-xmlrpc 2020-11-05 18:48:56 UTC 
This issue has been addressed in the following products:

  RHPAM 7.9.0

Via RHSA-2020:4961 https://access.redhat.com/errata/RHSA-2020:4961
Note You need to log in before you can comment on or make changes to this bug.