Description
A flaw was found in Soteria before 1.0.1. When EE Security is used with WildFly Elytron, multiple requests occurring concurrently can cause security identity corruption across concurrent threads, which can lead to the possibility of a request being handled using the identity from another request.
References (2)
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732
Patch, Third Party Advisory x_refsource_confirm
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54
Scores
CVSS v3: 4.2
EPSS: 0.0013
EPSS Percentile: 32.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE: CWE-284, CWE-20
Status: published
Products (4)
redhat/jboss_enterprise_application_platform: 7.0.0
redhat/jboss_enterprise_application_platform_continuous_delivery
redhat/openshift_application_runtimes
redhat/soteria: < 1.0.1
Published: May 04, 2020
Tracked Since: Feb 18, 2026