A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 | Issue Tracking Patch Vendor Advisory |
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-05-04T16:43:21
Updated: 2020-05-04T16:43:21
Reserved: 2019-11-27T00:00:00
Link: CVE-2020-1732
JSON object: View
NVD Information
Status : Modified
Published: 2020-05-04T17:15:12.357
Modified: 2023-11-07T03:19:30.467
Link: CVE-2020-1732
JSON object: View
Redhat Information
No data.