CVE-2020-1748
Incorrect Authorization in WildFly Elytron
Severity: 7.5 HIGH (CVSS 3.1)
EPSS: 0.31%
Description
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when a custom security manager was in use, resulting in improper authorization. This flaw leads to information exposure through unauthenticated access to secured resources.
How to fix CVE-2020-1748
To remediate CVE-2020-1748, upgrade the affected package to a fixed version listed below.
- upgrade to 1.6.8 or later
Is CVE-2020-1748 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- wildfly-elytron: all versions from 0 up to, but not including, 1.6.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |