[jboss-jira] [JBoss JIRA] (WFLY-13439) CVE-2020-6950 jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371

Farah Juma (Jira) issues at jboss.org
Thu May 7 13:55:00 EDT 2020


     [ https://issues.redhat.com/browse/WFLY-13439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma updated WFLY-13439:
------------------------------
    Description: 
Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1805006

This was already fixed upstream:
https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741


  was:
Security Tracking Issue

Do not make this issue public.

Impact: Moderate
Public Date: 20-Feb-2020
Resolve Bug By: 19-Feb-2021

In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.

Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB

Flaw:
-----

CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
https://bugzilla.redhat.com/show_bug.cgi?id=1805006

Eclipse Mojarra before version 2.3.14 is vulnerable to a path traversal flaw via either the loc parameter or the con parameter. An attacker could exploit this to read arbitrary files. It was reported as CVE-2019-0199, but it was an incomplete fix.

Upstream Patch:
https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741




> CVE-2020-6950 jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-13439
>                 URL: https://issues.redhat.com/browse/WFLY-13439
>             Project: WildFly
>          Issue Type: Bug
>          Components: JSF
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Minor
>              Labels: CVE-2020-6950, Security, SecurityTracking, pscomponent:jsf-impl
>
> Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1805006
> This was already fixed upstream:
> https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
> https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
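The flaw class the tracking issue describes, shown as an added example. This is not Mojarra's code and not taken from the linked upstream commits: the resource root, the class and method names (ResourceParamTraversal, resolveVulnerable, resolveHardened, containsForbiddenSequence) and the way the segments are joined are all assumptions made for illustration. Only the parameter names loc and con and the consequence (a request that reads a file outside the resource tree) come from the issue text. The vulnerable resolver concatenates the untrusted loc and con values into a filesystem path; the hardened one rejects traversal and separator sequences in every segment and then verifies that the normalized result still lies under the root, so a later change to path assembly cannot silently reopen the hole.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Illustrative resource resolver (added example, not Mojarra code). RESOURCE_ROOT,
 * resolveVulnerable, resolveHardened and containsForbiddenSequence are hypothetical
 * names chosen for this example; only the parameter names loc and con and the
 * arbitrary-file-read outcome are taken from the issue.
 */
public class ResourceParamTraversal {

    // Hypothetical directory that resource requests are supposed to stay inside.
    static final Path RESOURCE_ROOT =
            Paths.get("/opt/app/webapp/resources").toAbsolutePath().normalize();

    /** Builds "contracts/<con>/<loc>/<ln>/<name>" from the raw request parameters. */
    private static String buildRelativePath(String con, String loc, String ln, String name) {
        StringBuilder sb = new StringBuilder();
        if (con != null && !con.isEmpty()) {
            sb.append("contracts/").append(con).append('/');
        }
        if (loc != null && !loc.isEmpty()) {
            sb.append(loc).append('/');
        }
        if (ln != null && !ln.isEmpty()) {
            sb.append(ln).append('/');
        }
        return sb.append(name).toString();
    }

    /** Vulnerable form: every parameter is trusted, so ".." in loc or con walks out of the root. */
    static Path resolveVulnerable(String con, String loc, String ln, String name) {
        return RESOURCE_ROOT.resolve(buildRelativePath(con, loc, ln, name)).normalize();
    }

    /**
     * A single path segment may not contain traversal or separator sequences. Servlet
     * containers URL-decode query parameters before the application sees them, so this
     * runs on the decoded value; "%" is rejected outright to defeat double encoding.
     */
    static boolean containsForbiddenSequence(String segment) {
        if (segment == null || segment.isEmpty()) {
            return false;
        }
        return segment.contains("..")
                || segment.indexOf('/') >= 0
                || segment.indexOf('\\') >= 0
                || segment.indexOf(':') >= 0
                || segment.indexOf('%') >= 0
                || segment.indexOf('\0') >= 0;
    }

    /** Hardened form: validate each untrusted segment, then confirm the result stayed inside the root. */
    static Path resolveHardened(String con, String loc, String ln, String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("resource name is required");
        }
        for (String segment : new String[] {con, loc, ln, name}) {
            if (containsForbiddenSequence(segment)) {
                throw new IllegalArgumentException("forbidden sequence in resource request: " + segment);
            }
        }
        Path resolved = RESOURCE_ROOT.resolve(buildRelativePath(con, loc, ln, name)).normalize();
        // Defence in depth: even if the segment filter is weakened later, never serve outside the root.
        if (!resolved.startsWith(RESOURCE_ROOT)) {
            throw new IllegalArgumentException("resource path escapes root: " + resolved);
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed request parameter sets (con, loc, ln, name); not captured traffic.
        String[][] requests = {
            {null, "en", "js", "app.js"},                        // benign request
            {"../../../../../../etc", null, null, "passwd"},     // traversal via con
            {null, "../../../../../../etc", null, "passwd"},     // traversal via loc
        };
        for (String[] r : requests) {
            Path vulnerable = resolveVulnerable(r[0], r[1], r[2], r[3]);
            String hardened;
            try {
                hardened = resolveHardened(r[0], r[1], r[2], r[3]).toString();
            } catch (IllegalArgumentException e) {
                hardened = "REJECTED (" + e.getMessage() + ")";
            }
            System.out.println("vulnerable -> " + vulnerable);
            System.out.println("hardened   -> " + hardened);
        }
    }
}
```

Running it with the two traversal parameter sets shows the vulnerable resolver normalizing to a path under /etc while the hardened resolver rejects the request at the segment check. The containment test on the normalized path is kept as a second layer because the original CVE-2018-14371 fix was incomplete precisely in that it validated some request segments but not loc and con; checking the final path catches any segment the filter forgets.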