org.wildfly.core:wildfly-controller@3.0.0.Alpha11 vulnerabilities

  • latest version: 27.0.0.Final
  • first published: 10 years ago
  • latest version published: 17 days ago
  • Direct Vulnerabilities

    Known vulnerabilities in the org.wildfly.core:wildfly-controller package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • Information Exposure (severity: M, medium)

    org.wildfly.core:wildfly-controller is the core runtime used by the WildFly application server.

    Affected versions of this package are vulnerable to Information Exposure via the resolve-expression operation in the HAL interface. An attacker can use this function to read potentially sensitive information from the system.

    Note:

    This is only exploitable if the attacker has management user access.

    Mitigation:

    Administrators are advised to use a vault, preferably the Elytron subsystem, to store potentially sensitive information such as DNS names, IPs, and credentials.

    How to fix Information Exposure?

    Upgrade org.wildfly.core:wildfly-controller to version 22.0.0.Final or higher.

    Vulnerable versions: [0,22.0.0.Final)

    • Access Restriction Bypass (severity: L, low)

    org.wildfly.core:wildfly-controller is the core runtime used by the WildFly application server.

    Affected versions of this package are vulnerable to Access Restriction Bypass. If a vault expression takes the form of a single attribute containing multiple expressions, a user who has been granted access to the management interface can potentially access a vault expression they should not be able to, and possibly retrieve the item stored in the vault.

    How to fix Access Restriction Bypass?

    Upgrade org.wildfly.core:wildfly-controller to version 16.0.1 or higher.

    Vulnerable versions: [,16.0.1)
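An added example, not from Snyk or the WildFly project: a Python checker that reads the two vulnerable-range strings listed on this page and reports which advisories a given wildfly-controller version falls under. It assumes a simplified form of Maven's version ordering (pre-release qualifiers such as Alpha sort below Final, and 22 equals 22.0.0.Final), which is enough for the ranges here but is not a full port of Maven's comparator.

```python
import re
# Simplified Maven version ordering: an assumption adequate for the ranges on this
# page, not a full port of Maven's ComparableVersion (e.g. no "-" sub-lists).
PRE_RELEASE = ["alpha", "beta", "milestone", "rc", "snapshot"]
ALIASES = {"cr": "rc", "final": "", "ga": "", "release": ""}
NULL = (1, 0, "")  # a missing trailing item, a zero and "Final" all compare equal

def _item(tok):
    """Map one version token to a sortable (class, rank, text) key."""
    if tok.isdigit():
        return NULL if int(tok) == 0 else (2, int(tok), "")  # digits beat qualifiers
    q = ALIASES.get(tok.lower(), tok.lower())
    if q in PRE_RELEASE:
        return (0, PRE_RELEASE.index(q), "")  # alpha < beta < ... < snapshot < Final
    return NULL if q == "" else (1, 1, "") if q == "sp" else (1, 2, q)

def compare_versions(a, b):
    """Return -1, 0 or 1 for a <, == or > b under the ordering above."""
    ia = [_item(t) for t in re.findall(r"\d+|[A-Za-z]+", a)]
    ib = [_item(t) for t in re.findall(r"\d+|[A-Za-z]+", b)]
    for i in range(max(len(ia), len(ib))):
        x = ia[i] if i < len(ia) else NULL   # pad: "22" == "22.0.0.Final"
        y = ib[i] if i < len(ib) else NULL
        if x != y:
            return -1 if x < y else 1
    return 0

def in_range(version, spec):
    """spec is a Maven range such as "[0,22.0.0.Final)" or "[,16.0.1)"."""
    spec = spec.strip()
    if spec[0] not in "[(" or spec[-1] not in "])" or "," not in spec:
        raise ValueError("unsupported range: " + spec)
    lo, hi = (s.strip() for s in spec[1:-1].split(",", 1))
    if lo:
        c = compare_versions(version, lo)
        if c < 0 or (c == 0 and spec[0] != "["):
            return False
    if hi:
        c = compare_versions(version, hi)
        if c > 0 or (c == 0 and spec[-1] != "]"):
            return False
    return True

# The two vulnerable ranges listed on this page.
ADVISORIES = [("Information Exposure", "[0,22.0.0.Final)"),
              ("Access Restriction Bypass", "[,16.0.1)")]

def affected_by(version):
    """Names of this page's advisories whose vulnerable range contains version."""
    return [name for name, spec in ADVISORIES if in_range(version, spec)]
```

Calling `affected_by("3.0.0.Alpha11")` (this page's version) returns both advisory names, while `affected_by("22.0.0.Final")` returns an empty list because both upper bounds are exclusive.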