A flaw was found in Soteria before 1.0.1: when using EE Security with WildFly Elytron, multiple requests occurring concurrently can cause security identity corruption across concurrent threads, which can lead to a request being handled using the identity from another request.
                
References

| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 | Issue Tracking Patch Vendor Advisory | 
| https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 | Patch Third Party Advisory | 
History
No history.
Information
Published : 2020-05-04 17:15
Updated : 2024-11-21 05:11
NVD link : CVE-2020-1732
Mitre link : CVE-2020-1732
CVE.ORG link : CVE-2020-1732
Products Affected
redhat
- openshift_application_runtimes
- soteria
- jboss_enterprise_application_platform_continuous_delivery
- jboss_enterprise_application_platform
