CVE-2020-1748: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

Description Pedro Sampaio 2020-02-27 01:56:37 UTC

A flaw was found in Wildfly. At certain scenarios WildFlySecurityManager checks can by bypassed when using custom security managers.

References:

https://issues.redhat.com/browse/EAPSUP-67

Comment 8 Kunjan Rathod 2020-04-28 06:42:30 UTC

This vulnerability is out of security support scope for the following products: * Red Hat Enterprise Application Platform 6 * Red Hat Enterprise Application Platform 5 * Red Hat JBoss Operations Network 3 * Red Hat JBoss Data Virtualization & Services 6 * Red Hat JBoss Fuse 6 * Red Hat JBoss SOA Platform 5

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 11 errata-xmlrpc 2020-08-17 13:26:00 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:3464 https://access.redhat.com/errata/RHSA-2020:3464

Comment 12 errata-xmlrpc 2020-08-17 13:28:18 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6

Via RHSA-2020:3461 https://access.redhat.com/errata/RHSA-2020:3461

Comment 13 errata-xmlrpc 2020-08-17 13:30:31 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7

Via RHSA-2020:3462 https://access.redhat.com/errata/RHSA-2020:3462

Comment 14 errata-xmlrpc 2020-08-17 13:33:59 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8

Via RHSA-2020:3463 https://access.redhat.com/errata/RHSA-2020:3463

Comment 15 Product Security DevOps Team 2020-08-17 15:15:47 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1748

Comment 16 errata-xmlrpc 2020-08-18 16:35:06 UTC

This issue has been addressed in the following products:

Red Hat Single Sign-On 7.4.2

Via RHSA-2020:3501 https://access.redhat.com/errata/RHSA-2020:3501

Comment 17 errata-xmlrpc 2020-09-02 09:47:40 UTC

This issue has been addressed in the following products:

Red Hat Openshift Application Runtimes

Via RHSA-2020:3539 https://access.redhat.com/errata/RHSA-2020:3539

Comment 18 errata-xmlrpc 2020-09-07 12:56:14 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6

Via RHSA-2020:3637 https://access.redhat.com/errata/RHSA-2020:3637

Comment 19 errata-xmlrpc 2020-09-07 12:59:11 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8

Via RHSA-2020:3639 https://access.redhat.com/errata/RHSA-2020:3639

Comment 20 errata-xmlrpc 2020-09-07 13:02:19 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7

Via RHSA-2020:3638 https://access.redhat.com/errata/RHSA-2020:3638

Comment 21 errata-xmlrpc 2020-09-07 13:06:36 UTC

This issue has been addressed in the following products:

Red Hat JBoss Enterprise Application Platform

Via RHSA-2020:3642 https://access.redhat.com/errata/RHSA-2020:3642

Comment 23 errata-xmlrpc 2020-09-17 13:08:33 UTC

This issue has been addressed in the following products:

Red Hat Data Grid 7.3.7

Via RHSA-2020:3779 https://access.redhat.com/errata/RHSA-2020:3779

Comment 26 errata-xmlrpc 2020-11-05 18:47:31 UTC

This issue has been addressed in the following products:

RHDM 7.9.0

Via RHSA-2020:4960 https://access.redhat.com/errata/RHSA-2020:4960

Comment 27 errata-xmlrpc 2020-11-05 18:48:56 UTC

This issue has been addressed in the following products:

RHPAM 7.9.0

Via RHSA-2020:4961 https://access.redhat.com/errata/RHSA-2020:4961