CVE-2023-4061 MEDIUM

CVE-2023-4061: Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

Vendor: Red Hat
Product: Red Hat JBoss Enterprise Application Platform 7
Weakness: CWE-200 · Info exposure
Published: November 8, 2023
Last update: November 7, 2025

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in wildfly-core. A management user could use the resolve-expression operation in the HAL Interface to read possibly sensitive information from the WildFly system. This issue could allow a malicious user to access the system and obtain possibly sensitive information from it.

Key dates

02 Disclosure timeline

November 8, 2023: CVE published
November 7, 2025: Record updated

Related vulnerabilities

04 Related CVE