VYPR

Bitnami package

wildfly

pkg:bitnami/wildfly

Vulnerabilities (13)

  • CVE-2025-23367 (Jan 30, 2025)
    affected < 27.0.1, fixed 27.0.1

    A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Mo

  • CVE-2022-1278 (Sep 13, 2022)
    affected < 27.0.0, fixed 27.0.0

    A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

  • CVE-2021-3644 (Aug 26, 2022)
    affected >= 16.0.0, < 16.0.1, fixed 16.0.1

    A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access a

  • CVE-2022-0866 (May 10, 2022)
    affected >= 11.0.0, < 26.1.1, fixed 26.1.1

    This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field

  • CVE-2021-3503 (Apr 18, 2022)
    affected < 23.0.1, fixed 23.0.1

    A flaw was found in Wildfly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to confidentiality.

  • CVE-2020-1719 (Jun 7, 2021)
    affected < 20.0.0, fixed 20.0.0

    A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.

  • CVE-2020-14317 (Jun 2, 2021)

    It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing

  • CVE-2021-3536 (May 20, 2021)
    affected < 23.0.2, fixed 23.0.2

    A flaw was found in Wildfly in versions before 23.0.2.Final: while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

  • CVE-2020-27822 (Dec 8, 2020)
    affected >= 19.0.0, < 19.0.1, fixed 19.0.1

    A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availabil

  • CVE-2020-25640 (Nov 24, 2020)
    affected < 21.0.0, fixed 21.0.0

    A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information in the log file.

  • CVE-2020-25689 (Oct 30, 2020)
    affected < 21.0.1, fixed 21.0.1

    A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of

  • CVE-2020-10718 (Sep 16, 2020)
    affected < 13.0.0, fixed 13.0.0

    A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from thi

  • CVE-2020-10740 (Jun 22, 2020)
    affected < 20.0.0, fixed 20.0.0

    A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly.