[jboss-jira] [JBoss JIRA] (WFCORE-540) CVE-2014-7849 WildFly Domain Management: Limited RBAC authorization bypass

Brian Stansberry (JIRA) issues at jboss.org
Thu Feb 12 15:54:49 EST 2015


     [ https://issues.jboss.org/browse/WFCORE-540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Stansberry updated WFCORE-540:
------------------------------------
    Security:     (was: Security Issue)


> CVE-2014-7849 WildFly Domain Management: Limited RBAC authorization bypass
> --------------------------------------------------------------------------
>
>                 Key: WFCORE-540
>                 URL: https://issues.jboss.org/browse/WFCORE-540
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 1.0.0.Alpha1
>            Reporter: Brian Stansberry
>            Assignee: Brian Stansberry
>             Fix For: 1.0.0.Alpha18
>
>
> It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, or undefine a limited set of attributes and their values, which otherwise cannot be written to.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
