[jboss-jira] [JBoss JIRA] (WFCORE-4956) EMBARGOED CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API [eap-7.3.z]
James Perkins (Jira)
issues at jboss.org
Thu Aug 6 10:50:00 EDT 2020
[ https://issues.redhat.com/browse/WFCORE-4956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Perkins updated WFCORE-4956:
----------------------------------
Security: (was: Security Issue)
> EMBARGOED CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API [eap-7.3.z]
> --------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-4956
> URL: https://issues.redhat.com/browse/WFCORE-4956
> Project: WildFly Core
> Issue Type: Bug
> Components: Embedded
> Reporter: Kunjan Rathod
> Assignee: James Perkins
> Priority: Minor
> Labels: CVE-2020-10718, Security, SecurityTracking, downstream_dependency, pscomponent:wildfly
>
> Security Tracking Issue
> Do not make this issue public.
> Impact: Low
> Public Date: not set
> Resolve Bug By: 545 calendar days from the public date
> In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.
> Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB
> NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.
> Flaw:
> -----
> EMBARGOED CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
> https://bugzilla.redhat.com/show_bug.cgi?id=1828476
> The embedded managed process API has two methods exposed as public methods which can bypass the security manager.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)