High severityNVD Advisory· Published May 24, 2022· Updated Aug 3, 2024

CVE-2021-3717

Description

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.wildfly.core:wildfly-core-parentMaven	< 17.0	17.0

Affected products

N/A/Wildflyv5
Range: wildfly-core 17.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-p9xf-3rm3-qh2hghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-3717ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
security.netapp.com/advisory/ntap-20220804-0002ghsaWEB
security.netapp.com/advisory/ntap-20220804-0002/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000