CVE-2020-1732

MEDIUM

Soteria <1.0.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

References (2)

Core 2
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732

Scores

CVSS v3 4.2
EPSS 0.0066
EPSS Percentile 47.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-20 CWE-284
Status published
Products (4)
redhat/jboss_enterprise_application_platform 7.0.0
redhat/jboss_enterprise_application_platform_continuous_delivery
redhat/openshift_application_runtimes
redhat/soteria < 1.0.1
Published May 04, 2020
Tracked Since Feb 18, 2026