Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible

CVE-2024-10234

7.3HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Build Of Keycloak; Red Hat Fuse 7; Red Hat Jboss Data Grid 7; Red Hat Jboss Enterprise Application Platform 7
Vendor: CVE Published:; 22 October 2024

Summary

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 6.1 - (MEDIUM)
Oct 22, 2024
Vulnerability Reserved.
Oct 22, 2024
Reported to Red Hat.
Oct 22, 2024
Vulnerability published.
Oct 22, 2024

Collectors

NVD DatabaseMitre Database

.