Incorrect authorization in Wildfly Elytron - CVE-2022-0866
Published: June 7, 2022
Vulnerability identifier: #VU64037
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-0866
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software: Wildfly Elytron
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect authorization: under certain conditions, EJBComponent#getCallerPrincipal can return the wrong caller principal, which may lead to disclosure of that principal's identity.
How to mitigate CVE-2022-0866
Install updates from the vendor's website.