CVE-2021-3717

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

Published: May 24, 2022
Updated: May 9, 2024
CVE: CVE-2021-3717
GHSA: GHSA-p9xf-3rm3-qh2h
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
redhat / wildfly_core	-	17.0
redhat / jboss_enterprise_application_platform	7.4	7.4.x
redhat / jboss_enterprise_application_platform	7.3	7.3.x
org.wildfly.core / wildfly-core-parent	-	17.0

https://bugzilla.redhat.com/show_bug.cgi?id=1991305
https://security.netapp.com/advisory/ntap-20220804-0002/

Vulnerability Database

289,599

CVE-2021-3717