[Bugs] [Bug 13250] New: [CVE 21] jboss-ejb-client 2.1.4 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13250

          Platform: 2021.1
            Bug ID: 13250
           Summary: [CVE 21] jboss-ejb-client 2.1.4 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2021-20250,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package jboss-ejb-client version 2.1.4  
INFO (CVEs are): jboss-ejb-client 2.1.4 cves found
CVE-2021-20250
Desc: A flaw was found in wildfly. The JBoss EJB client has publicly accessible
privileged actions which may lead to information disclosure on the server it is
deployed on. The highest threat from this vulnerability is to data
confidentiality.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-20250
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230502/f1f6c3ec/attachment.html>