CVE-2023-4061

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

Published: Nov 8, 2023
Updated: May 9, 2024
CVE: CVE-2023-4061
GHSA: GHSA-26qx-4m49-6cfr
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
org.wildfly.core / wildfly-controller	-	22.0.0.Final
redhat / wildfly_core	-	15.0.30
redhat / jboss_enterprise_application_platform	7.4	7.4.x

https://access.redhat.com/errata/RHSA-2023:5484
https://access.redhat.com/errata/RHSA-2023:5485
https://access.redhat.com/errata/RHSA-2023:5486
https://access.redhat.com/errata/RHSA-2023:5488
https://access.redhat.com/security/cve/CVE-2023-4061
https://bugzilla.redhat.com/show_bug.cgi?id=2228608
https://github.com/wildfly/wildfly-core/commit/25728f370c2e90969854717ba4bb5182727f3f49
https://github.com/wildfly/wildfly-core/pull/5703

Vulnerability Database

289,599

CVE-2023-4061