A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{ "nvd_published_at": "2020-09-23T13:15:00Z", "cwe_ids": [ "CWE-384" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-06-24T01:26:35Z" }