[jboss-jira] [JBoss JIRA] (WFLY-2743) Some static references are stored to the ServiceRegistry that do not have permission checks
Arun Neelicattu (JIRA)
issues at jboss.org
Mon Sep 29 00:13:03 EDT 2014
[ https://issues.jboss.org/browse/WFLY-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun Neelicattu updated WFLY-2743:
----------------------------------
Security: (was: Red Hat Internal)
> Some static references are stored to the ServiceRegistry that do not have permission checks
> -------------------------------------------------------------------------------------------
>
> Key: WFLY-2743
> URL: https://issues.jboss.org/browse/WFLY-2743
> Project: WildFly
> Issue Type: Bug
> Reporter: Stuart Douglas
> Assignee: Stuart Douglas
> Labels: CVE-2014-0018, Security, SecurityTracking
> Fix For: 8.0.0.Final
>
>
> This enables a deployment to get access to the MSC ServiceRegistry, and from there change internal server state without any security manager checks.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list