wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...
CVSS: 7.4
AI Score: 7.1
EPSS: 0.001
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file...
CVSS: 5.3
AI Score: 5.2
EPSS: 0.001
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may...
CVSS: 7.5
AI Score: 7.5
EPSS: 0.002
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly...
CVSS: 3.3
AI Score: 5.2
EPSS: 0.001
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...
CVSS: 5.3
AI Score: 7
EPSS: 0.001
A flaw was found in WildFly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to the...
CVSS: 4.3
AI Score: 4.5
EPSS: 0.001