Vulnerability CVE-2020-14317


Published: 2021-06-02

Description:
It was found that the security flaw CVE-2019-3805 reappeared as a regression in a later version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD). An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, causing the init.d script to terminate any process as root.

Type:
CWE-364 (Signal Handler Race Condition)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
Redhat -> Jboss enterprise application platform 
Redhat -> Wildfly 

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1854251

Copyright 2024, cxsecurity.com
