Skip to main content

Insecure Default Initialization of Resource

CVE-2022-1278

Severity High
Score 7.5/10

Summary

A flaw was found in WildFly versions prior to 27.0.0.Beta1, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-1188 - Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Advisory Timeline

  • Published