Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible
CVE-2024-10234

7.3HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Jboss Enterprise Application Platform 8
Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8
Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9
Vendor
CVE Published:
22 October 2024

Summary

A security flaw has been identified in Wildfly that enables attackers to perform Cross-Site Scripting (XSS) attacks within the deployment system. This vulnerability allows an attacker or an insider to leverage the deployment mechanism to introduce a malicious payload, potentially leading to unauthorized server behavior. It is essential for users and administrators of Wildfly to mitigate this risk by applying recommended security patches and updates to safeguard their systems from exploitation.

References

https://access.redhat.com/errata/RHSA-2025:2025
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2026
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2029
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.