Bug 2228608 (CVE-2023-4061) - CVE-2023-4061 wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor
Keywords:
Status: NEW
Alias: CVE-2023-4061
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2227345
Reported: 2023-08-02 20:26 UTC by Patrick Del Bello
Modified: 2024-04-03 03:49 UTC (History)

Fixed In Version: wildfly-core 15.0.30.Final
Doc Type: ---
Doc Text:
A flaw was found in wildfly-core. A management user could use the resolve-expression operation in the HAL interface to read possibly sensitive information from the WildFly system. This issue could allow a malicious user to access the system and obtain possibly sensitive information from it.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2023:5484  0        None      None    None     2023-10-05 20:21:54 UTC
Red Hat Product Errata  RHSA-2023:5485  0        None      None    None     2023-10-05 20:22:27 UTC
Red Hat Product Errata  RHSA-2023:5486  0        None      None    None     2023-10-05 20:23:38 UTC
Red Hat Product Errata  RHSA-2023:5488  0        None      None    None     2023-10-05 20:18:37 UTC

Description Patrick Del Bello 2023-08-02 20:26:50 UTC
A flaw was found in Wildfly-core. A management user of a role could use the resolve-expression in the HAL Interface and hence read possibly sensitive information from the Wildfly system. Note this requires a management user from the "Monitor" role or similar, which is expected to be a small set of users who already have a high level of access. A malicious user could possibly use this by accessing the system with this management user and obtain possibly sensitive information from the system.
By default, there is no sensitive information. Wildfly administrators are highly recommended to use Vault, and especially the current Elytron subsystem, to store potentially critical information such as DNS, IPs and credentials.
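To spot use of the operation described above by accounts that are not expected to resolve expressions, here is an added example, not from this bug report or from the WildFly project, that scans a WildFly-style management audit log. It assumes records of the shape `timestamp - {json}` carrying `user`, `remote-address`, `success` and `ops[].operation` fields, one record per line (real audit logs pretty-print the JSON across several lines, so the line splitting must be adapted); the sample log lines, the user-to-role mapping and the set of privileged roles are constructed for the demonstration.

```python
"""Flag resolve-expression management operations in a WildFly-style audit log.

Assumed record shape (modelled on the WildFly management audit log, but
flattened to one record per line): '<timestamp> - {json}', where the JSON
object has "user", "remote-address", "success" and "ops": [{"operation": ...}].
"""
import json
from dataclasses import dataclass

# Constructed sample: three audit records in the assumed one-line shape.
SAMPLE_AUDIT_LOG = """\
2023-08-02 20:26:50 - {"type":"core","r/o":true,"booting":false,"user":"monitor1","access":"HTTP","remote-address":"10.0.0.5","success":true,"ops":[{"address":[],"operation":"resolve-expression","expression":"${db.password:none}"}]}
2023-08-02 20:27:02 - {"type":"core","r/o":true,"booting":false,"user":"monitor1","access":"HTTP","remote-address":"10.0.0.5","success":true,"ops":[{"address":[{"subsystem":"datasources"}],"operation":"read-resource"}]}
2023-08-02 20:28:11 - {"type":"core","r/o":true,"booting":false,"user":"admin","access":"NATIVE","remote-address":"127.0.0.1","success":true,"ops":[{"address":[],"operation":"resolve-expression","expression":"${jboss.server.name}"}]}
"""

# Constructed mapping of management users to their RBAC role; in a real
# deployment this comes from the server's access-control role-mapping config.
USER_ROLES = {"monitor1": "Monitor", "admin": "SuperUser"}

# Roles for which resolve-expression is considered expected (constructed policy).
PRIVILEGED_ROLES = {"Administrator", "SuperUser"}


@dataclass
class Finding:
    timestamp: str
    user: str
    role: str
    remote_address: str
    expression: str
    success: bool


def parse_record(line):
    """Split '<timestamp> - {json}' into (timestamp, dict); None if the line is not a record."""
    sep = " - "
    idx = line.find(sep)
    if idx < 0:
        return None
    try:
        return line[:idx], json.loads(line[idx + len(sep):])
    except json.JSONDecodeError:
        return None


def find_resolve_expression_calls(log_text, user_roles=USER_ROLES, privileged=PRIVILEGED_ROLES):
    """Return one Finding per resolve-expression op issued by a non-privileged user.

    Failed attempts are reported too (success=False), since repeated failures
    from a low-privilege account are themselves worth a look.
    """
    findings = []
    for line in log_text.splitlines():
        parsed = parse_record(line)
        if parsed is None:
            continue
        timestamp, rec = parsed
        user = rec.get("user") or "<anonymous>"
        role = user_roles.get(user, "<unmapped>")
        if role in privileged:
            continue
        for op in rec.get("ops", []):
            if op.get("operation") == "resolve-expression":
                findings.append(Finding(
                    timestamp=timestamp,
                    user=user,
                    role=role,
                    remote_address=rec.get("remote-address", "?"),
                    expression=op.get("expression", ""),
                    success=bool(rec.get("success", False)),
                ))
    return findings


if __name__ == "__main__":
    for f in find_resolve_expression_calls(SAMPLE_AUDIT_LOG):
        print(f"{f.timestamp} user={f.user} role={f.role} from={f.remote_address} "
              f"expression={f.expression} success={f.success}")
```

Unmapped users are deliberately not skipped: an account that appears in the audit log but not in the role mapping is reported rather than silently trusted, so a stale mapping surfaces as findings instead of blind spots.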

Comment 3 errata-xmlrpc 2023-10-05 20:18:36 UTC
This issue has been addressed in the following products:

  EAP 7.4.13

Via RHSA-2023:5488 https://access.redhat.com/errata/RHSA-2023:5488

Comment 4 errata-xmlrpc 2023-10-05 20:21:53 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2023:5484 https://access.redhat.com/errata/RHSA-2023:5484

Comment 5 errata-xmlrpc 2023-10-05 20:22:25 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2023:5485 https://access.redhat.com/errata/RHSA-2023:5485

Comment 6 errata-xmlrpc 2023-10-05 20:23:36 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:5486 https://access.redhat.com/errata/RHSA-2023:5486

Comment 7 Paramvir jindal 2024-04-03 03:49:53 UTC
Marking EAP-8 as not affected because EAP 8 GA was released with the fixed version.