Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-3644
Summary
A flaw was found in wildfly-core prior to 16.0.1.Final, and 17.0.x prior to 17.0.0.Beta3. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- NONE
- HIGH
- LOW
- NONE
CWE-200 - Information Exposure
An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.