A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
History

Wed, 30 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat build Of Keycloak
CPEs cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0:*:*:*:*:*:*:*
Vendors & Products Redhat build Of Keycloak

Tue, 22 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 22 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
Title wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS) Wildfly: wildfly vulnerable to cross-site scripting (xss)
First Time appeared Redhat
Redhat build Keycloak
Redhat jboss Data Grid
Redhat jboss Enterprise Application Platform
Redhat jboss Fuse
Redhat jbosseapxp
Redhat red Hat Single Sign On
CPEs cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_enterprise_application_platform:7
cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:red_hat_single_sign_on:7
Vendors & Products Redhat
Redhat build Keycloak
Redhat jboss Data Grid
Redhat jboss Enterprise Application Platform
Redhat jboss Fuse
Redhat jbosseapxp
Redhat red Hat Single Sign On
References

Tue, 22 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
Weaknesses CWE-79
References
Metrics threat_severity

None

cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-22T13:17:57.891Z

Updated: 2024-12-19T16:26:54.839Z

Reserved: 2024-10-22T01:50:57.793Z

Link: CVE-2024-10234

cve-icon Vulnrichment

Updated: 2024-10-22T17:41:09.349Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-22T14:15:14.573

Modified: 2024-10-30T18:50:59.883

Link: CVE-2024-10234

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-22T00:00:00Z

Links: CVE-2024-10234 - Bugzilla