A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wildfly_core | Redhat | 7.0.0 (including) | 7.0.0 (including) |
Wildfly_core | Redhat | 7.0.0-alpha1 (including) | 7.0.0-alpha1 (including) |
Wildfly_core | Redhat | 7.0.0-alpha2 (including) | 7.0.0-alpha2 (including) |
Wildfly_core | Redhat | 7.0.0-alpha3 (including) | 7.0.0-alpha3 (including) |
Wildfly_core | Redhat | 7.0.0-alpha4 (including) | 7.0.0-alpha4 (including) |
Wildfly_core | Redhat | 7.0.0-alpha5 (including) | 7.0.0-alpha5 (including) |
Wildfly_core | Redhat | 7.0.0-beta1 (including) | 7.0.0-beta1 (including) |
Wildfly_core | Redhat | 7.0.0-cr1 (including) | 7.0.0-cr1 (including) |