[MAVEN:GHSA-5499-QJVH-6J7W] Observable Discrepancy in Wildfly Elytron
Severity: Moderate
Affected Packages: 3
Fixed Packages: 3
CVEs: 1
A flaw was found in Wildfly Elytron where ScramServer, if enabled, may be susceptible to a timing attack. The highest threat from this vulnerability is to confidentiality. This flaw affects Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
Package | Affected Version |
---|---|
pkg:maven/org.wildfly.security/wildfly-elytron | = 1.16.0 |
pkg:maven/org.wildfly.security/wildfly-elytron | >= 1.11.0, <= 1.15.4 |
pkg:maven/org.wildfly.security/wildfly-elytron | <= 1.10.13 |
Package | Fixed Version |
---|---|
pkg:maven/org.wildfly.security/wildfly-elytron | = 1.16.1 |
pkg:maven/org.wildfly.security/wildfly-elytron | = 1.15.5 |
pkg:maven/org.wildfly.security/wildfly-elytron | = 1.10.14 |
- ID: MAVEN:GHSA-5499-QJVH-6J7W
- Severity: moderate
- URL: https://github.com/advisories/GHSA-5499-qjvh-6j7w
- Published: 2022-05-24T19:10:03 (2 years ago)
- Modified: 2023-01-27T05:02:52 (20 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.wildfly.security/wildfly-elytron | org.wildfly.security | wildfly-elytron | = 1.16.0 | | | |
Fixed | pkg:maven/org.wildfly.security/wildfly-elytron | org.wildfly.security | wildfly-elytron | = 1.16.1 | | | |
Affected | pkg:maven/org.wildfly.security/wildfly-elytron | org.wildfly.security | wildfly-elytron | >= 1.11.0 <= 1.15.4 | | | |
Fixed | pkg:maven/org.wildfly.security/wildfly-elytron | org.wildfly.security | wildfly-elytron | = 1.15.5 | | | |
Affected | pkg:maven/org.wildfly.security/wildfly-elytron | org.wildfly.security | wildfly-elytron | <= 1.10.13 | | | |
Fixed | pkg:maven/org.wildfly.security/wildfly-elytron | org.wildfly.security | wildfly-elytron | = 1.10.14 | | | |