CVE-2020-1732

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Published: May 4, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-1732
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.2
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
redhat / soteria	-	1.0.1
redhat / jboss_enterprise_application_platform	7.0.0	7.0.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54

Vulnerability Database

289,599

CVE-2020-1732