org.wildfly.core:wildfly-controller@16.0.0.Final vulnerabilities

latest version

24.0.0.Final
latest non vulnerable version

25.0.0.Beta2
first published

10 years ago
latest version published

a month ago
licenses detected
- (Apache-2.0 OR LGPL-2.1)
  [3.0.0.Final,22.0.0.Beta3)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.wildfly.core:wildfly-controller package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure org.wildfly.core:wildfly-controller is a The core runtime that is used by the WildFly application server. Affected versions of this package are vulnerable to Information Exposure via the `resolve-expression` in the HAL Interface. An attacker can read possible sensitive information from the system by using this function. Note: This is only exploitable if the attacker has management user access. Mitigation: Administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials. How to fix Information Exposure? Upgrade `org.wildfly.core:wildfly-controller` to version 22.0.0.Final or higher.	[0,22.0.0.Final)
L Access Restriction Bypass org.wildfly.core:wildfly-controller is a The core runtime that is used by the WildFly application server. Affected versions of this package are vulnerable to Access Restriction Bypass. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. How to fix Access Restriction Bypass? Upgrade `org.wildfly.core:wildfly-controller` to version 16.0.1 or higher.	[,16.0.1)

Information Exposure

org.wildfly.core:wildfly-controller is a The core runtime that is used by the WildFly application server.

Affected versions of this package are vulnerable to Information Exposure via the resolve-expression in the HAL Interface. An attacker can read possible sensitive information from the system by using this function.

Note:

This is only exploitable if the attacker has management user access.

Mitigation:

Administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.

How to fix Information Exposure?

Upgrade org.wildfly.core:wildfly-controller to version 22.0.0.Final or higher.

[0,22.0.0.Final)

Access Restriction Bypass

org.wildfly.core:wildfly-controller is a The core runtime that is used by the WildFly application server.

Affected versions of this package are vulnerable to Access Restriction Bypass. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault.

How to fix Access Restriction Bypass?

Upgrade org.wildfly.core:wildfly-controller to version 16.0.1 or higher.

[,16.0.1)

Go back to all versions of this package

org.wildfly.core:wildfly-controller@16.0.0.Final vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities