VYPR
Moderate severity · NVD Advisory · Published Nov 8, 2023 · Updated Nov 7, 2025

Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

CVE-2023-4061

Description

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possibly sensitive information from the WildFly system. This issue could allow a malicious user to access the system and obtain possibly sensitive information from it.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.wildfly.core:wildfly-controller (Maven)
Affected versions: < 22.0.0.Final
Patched versions: 22.0.0.Final

Affected products

  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 (range: 0:1.15.20-1.Final_redhat_00001.1.el7eap)
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 (range: 0:1.15.20-1.Final_redhat_00001.1.el8eap)
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 (range: 0:1.15.20-1.Final_redhat_00001.1.el9eap)
  • cpe:/a:redhat:jboss_enterprise_application_platform:8
  • ghsa-coords (range: < 22.0.0.Final)
