CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence: Low
EPSS
Percentile: 32.5%
org.wildfly.core:wildfly-controller is vulnerable to Information Disclosure. The vulnerability is caused by a missing authorization check in the resolve-expression operation of the HAL interface when it reads a system property or environment variable. This can lead to a malicious user accessing the WildFly system and obtaining sensitive information.
access.redhat.com/errata/RHSA-2023:5484
access.redhat.com/errata/RHSA-2023:5485
access.redhat.com/errata/RHSA-2023:5486
access.redhat.com/errata/RHSA-2023:5488
access.redhat.com/security/cve/CVE-2023-4061
bugzilla.redhat.com/show_bug.cgi?id=2228608
github.com/advisories/GHSA-26qx-4m49-6cfr
github.com/wildfly/wildfly-core/commit/25728f370c2e90969854717ba4bb5182727f3f49
github.com/wildfly/wildfly-core/pull/5703