Moderate severity · NVD Advisory · Published Nov 8, 2023 · Updated Nov 7, 2025
Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor
CVE-2023-4061
Description
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possibly sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possibly sensitive information from the system.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wildfly.core:wildfly-controller (Maven) | < 22.0.0.Final | 22.0.0.Final |
Affected products
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 (range: 0:1.15.20-1.Final_redhat_00001.1.el7eap)
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 (range: 0:1.15.20-1.Final_redhat_00001.1.el8eap)
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 (range: 0:1.15.20-1.Final_redhat_00001.1.el9eap)
- cpe:/a:redhat:jboss_enterprise_application_platform:8
References
- access.redhat.com/errata/RHSA-2023:5484 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2023:5485 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2023:5486 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2023:5488 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-26qx-4m49-6cfr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-4061 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2023-4061 (ghsa, vdb-entry, x_refsource_REDHAT, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, issue-tracking, x_refsource_REDHAT, WEB)
- github.com/wildfly/wildfly-core/commit/25728f370c2e90969854717ba4bb5182727f3f49 (ghsa, WEB)
- github.com/wildfly/wildfly-core/pull/5703 (ghsa, WEB)