[jboss-jira] [JBoss JIRA] (WFLY-4945) [8.x] CVE-2014-7849 WildFly Domain Management: Limited RBAC authorization bypass

Jason Greene (JIRA) issues at jboss.org
Fri Jul 24 00:12:02 EDT 2015


     [ https://issues.jboss.org/browse/WFLY-4945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Greene updated WFLY-4945:
-------------------------------
    Security:     (was: Security Issue)


> [8.x] CVE-2014-7849 WildFly Domain Management: Limited RBAC authorization bypass
> --------------------------------------------------------------------------------
>
>                 Key: WFLY-4945
>                 URL: https://issues.jboss.org/browse/WFLY-4945
>             Project: WildFly
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 8.2.0.Final
>            Reporter: Brian Stansberry
>            Assignee: Brian Stansberry
>             Fix For: 8.2.1.Final
>
>
> This is the WildFly 8.x variant of WFCORE-540.
> It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, or undefine a limited set of attributes and their values, which otherwise cannot be written to.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)