A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

Affected Packages

Maven org.wildfly.core:wildfly-core-parent

Affected versions: 0 (fixed in 17.0)

Related CVEs

CVE-2021-3717

Key Information

GHSA ID

GHSA-p9xf-3rm3-qh2h

Published

May 25, 2022 12:00 AM

Last Modified

August 11, 2022 1:22 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.wildfly.core:wildfly-core-parent

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 3, 2025 6:48 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.