CVE-2020-10714
- Source
- https://cve.org/CVERecord?id=CVE-2020-10714
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10714.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-10714
- Aliases
- Downstream
- Published
- 2020-09-23T13:15:15.233Z
- Modified
- 2026-04-11T11:52:46.124652Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "12.0" } ] }, { "cpe": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ] }, { "cpe": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0.0" } ] }, { "cpe": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ] } ] }- References
Affected packages
Git / github.com/wildfly-security/wildfly-elytron
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wildfly-security/wildfly-elytron
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "fixed": "1.11.3" } ] }
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta10
1.1.0.Beta11
1.1.0.Beta12
1.1.0.Beta13
1.1.0.Beta14
1.1.0.Beta15
1.1.0.Beta16
1.1.0.Beta17
1.1.0.Beta18
1.1.0.Beta19
1.1.0.Beta2
1.1.0.Beta20
1.1.0.Beta21
1.1.0.Beta22
1.1.0.Beta23
1.1.0.Beta24
1.1.0.Beta25
1.1.0.Beta26
1.1.0.Beta27
1.1.0.Beta28
1.1.0.Beta29
1.1.0.Beta3
1.1.0.Beta30
1.1.0.Beta31
1.1.0.Beta32
1.1.0.Beta33
1.1.0.Beta34
1.1.0.Beta35
1.1.0.Beta36
1.1.0.Beta37
1.1.0.Beta38
1.1.0.Beta39
1.1.0.Beta4
1.1.0.Beta40
1.1.0.Beta41
1.1.0.Beta42
1.1.0.Beta43
1.1.0.Beta44
1.1.0.Beta45
1.1.0.Beta46
1.1.0.Beta47
1.1.0.Beta48
1.1.0.Beta49
1.1.0.Beta5
1.1.0.Beta50
1.1.0.Beta51
1.1.0.Beta53
1.1.0.Beta54
1.1.0.Beta55
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.1.0.Beta9
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.10.0.CR1
1.10.0.CR2
1.10.0.CR3
1.10.0.CR4
1.10.0.CR5
1.10.0.CR6
1.10.0.Final
1.10.1.Final
1.10.2.Final
1.10.3.Final
1.11.0.CR1
1.11.0.CR2
1.11.0.CR3
1.11.0.CR4
1.11.0.CR5
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.2.0.Beta1
1.2.0.Beta10
1.2.0.Beta11
1.2.0.Beta12
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.Final
1.3.0.Final
1.4.0.Final
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.5.5.Final
1.6.0.Final
1.7.0.CR1
1.7.0.CR2
1.7.0.CR3
1.7.0.Final
1.9.0.CR3
1.9.0.CR4
1.9.0.CR5
1.9.0.Final
1.9.1.Final