Vulnerability Details : CVE-2023-4061
A flaw was found in wildfly-core. A management user could use resolve-expression in the HAL interface to read potentially sensitive information from the WildFly system. This issue could allow a malicious user to access the system and obtain potentially sensitive information from it.
Vulnerability category: Information leak
Products affected by CVE-2023-4061
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4061
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~50% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-4061
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | 
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | Red Hat, Inc. | 
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | N/A | N/A | RedHat-CVE-2023-4061 | 
CWE ids for CVE-2023-4061
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2023-4061
- https://access.redhat.com/errata/RHSA-2023:5486 : RHSA-2023:5486 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:5485 : RHSA-2023:5485 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:5488 : RHSA-2023:5488 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:5484 : RHSA-2023:5484 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2228608 : 2228608 – (CVE-2023-4061) CVE-2023-4061 wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (Issue Tracking)
- https://access.redhat.com/security/cve/CVE-2023-4061 : CVE-2023-4061 - Red Hat Customer Portal (Vendor Advisory)