Vulnerability

CVE-2020-1732

 Report advisory or correction

CVSS Score 4.2 medium

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-20

References

https://github.com/wildfly-security/soteria/pull/1
https://access.redhat.com/security/cve/cve-2020-1732
https://bugzilla.redhat.com/show_bug.cgi?id=1801726
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1732

[CVE-2020-1732] CWE-20: Improper Input Validation

Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

See org.glassfish.soteria/jakarta.security.enterprise package information