CVE-2021-3644
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.wildfly.core:wildfly-server | <16.0.1.Final | 16.0.1.Final |
| Maven | org.wildfly.core:wildfly-server | >=17.0.0.Beta2,<17.0.0.Beta3 | 17.0.0.Beta3 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-3644
- https://github.com/wildfly/wildfly-core/pull/4668
- https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714
- https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b
- https://access.redhat.com/security/cve/CVE-2021-3644
- https://bugzilla.redhat.com/show_bug.cgi?id=1976052
- https://github.com/wildfly/wildfly-core
- https://issues.redhat.com/browse/WFCORE-5511
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.