[jboss-jira] [JBoss JIRA] (WFCORE-4956) CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

[ https://issues.redhat.com/browse/WFCORE-4956?page=com.atlassian.jira.plug... ] Brian Stansberry updated WFCORE-4956: ------------------------------------- Description: Security Tracking Issue Impact: Low Public Date: not set Resolve Bug By: 545 calendar days from the public date Flaw: ----- EMBARGOED CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API https://bugzilla.redhat.com/show_bug.cgi?id=1828476 The embedded managed process API has two methods exposed as public methods which can bypass the security manager. was: Security Tracking Issue Do not make this issue public. Impact: Low Public Date: not set Resolve Bug By: 545 calendar days from the public date In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug. Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE. Flaw: ----- EMBARGOED CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API https://bugzilla.redhat.com/show_bug.cgi?id=1828476 The embedded managed process API has two methods exposed as public methods which can bypass the security manager. -- This message was sent by Atlassian Jira (v7.13.8#713008)