CVE-2020-1732 — Improper Access Control in Redhat Soteria

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation6 documents5 sources

Severity

4.2MEDIUMNVD

EPSS

0.1%

top 67.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Soteria RED HAT Soteria Redhat Jboss Enterprise Application Platform

Timeline

PublishedMay 4

Latest updateMay 24

Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages3 packages

▶NVDredhat/soteria< 1.0.1

▶CVEListV5red_hat/soteriabefore 1.0.1

▶NVDredhat/jboss_enterprise_application_platform7.0.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4x5f-xw5j-gv58: A flaw was found in Soteria before 1↗2022-05-24

▶

CVEList

CVE-2020-1732: A flaw was found in Soteria before 1↗2020-05-04

▶

📋Vendor Advisories

Red Hat

Soteria: security identity corruption across concurrent threads↗2020-02-14

▶

💬Community

Bugzilla

CVE-2020-25676 ImageMagick: outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c and MagickCore/cache.c↗2020-10-27

▶

Bugzilla

CVE-2020-1732 Soteria: security identity corruption across concurrent threads↗2020-02-11

▶