Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible
CVE-2024-10234
7.3 HIGH
Key Information:
- Vendor: Red Hat
- Status: Vendor
- CVE Published: 22 October 2024
Summary
A security flaw has been identified in Wildfly that enables attackers to perform Cross-Site Scripting (XSS) attacks within the deployment system. This vulnerability allows an attacker or an insider to leverage the deployment mechanism to introduce a malicious payload, potentially leading to unauthorized server behavior. It is essential for users and administrators of Wildfly to mitigate this risk by applying recommended security patches and updates to safeguard their systems from exploitation.
CVSS V3.1
- Score: 7.3
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved