CVE-2023-4061

CWE-200 — Information Exposure5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 57.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Wildfly Core Redhat Jboss Enterprise Application Platform

Timeline

PublishedNov 8

Description

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDredhat/wildfly_core< 15.0.30

▶Mavenorg.wildfly.core:wildfly-controller< 22.0.0.Final

▶NVDredhat/jboss_enterprise_application_platform7.4

🔴Vulnerability Details

OSV

wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2023-11-08

▶

CVEList

Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor↗2023-11-08

▶

GHSA

wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2023-11-08

▶

📋Vendor Advisories

Red Hat

wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor↗2023-10-05

▶