Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Remediation

References

CVE-2020-1732

Related Vulnerabilities

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) Arbitrary File Upload (6.1)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5338)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)

OpenSSL Out-of-bounds Read Vulnerability (CVE-2023-1255)

MySQL CVE-2017-3529 Vulnerability (CVE-2017-3529)

Severity

Medium

Classification

CVE-2020-1732 CWE-20 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities