Maven package
org.wildfly.core/wildfly-server
pkg:maven/org.wildfly.core/wildfly-server
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-23367 | — | | | < 27.0.1.Final | 27.0.1.Final | Jan 30, 2025 | A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Mo |
| CVE-2021-3644 | — | | | < 16.0.1.Final | 16.0.1.Final | Aug 26, 2022 | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access a |
| CVE-2018-10862 | Med | 5.5 | | < 6.0.0.Alpha3 | 6.0.0.Alpha3 | Jul 27, 2018 | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. |