It was discovered that the ElytronManagedThread in Wildflys Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wildfly | Redhat | 11.0.0 (including) | 16.0.0 (including) |