{"id":"CVE-2020-10714","details":"A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","aliases":["GHSA-7fhr-2694-rg79"],"modified":"2026-04-10T04:21:36.336734Z","published":"2020-09-23T13:15:15.233Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20201223-0002/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825714"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wildfly-security/wildfly-elytron","events":[{"introduced":"0"},{"fixed":"04b772a9a6cf1bf1e0f47c084d7d20ddf7c7d614"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.11.3"}]}}],"versions":["1.0.0.Alpha1","1.0.0.Alpha2","1.0.0.Alpha3","1.1.0.Alpha1","1.1.0.Beta1","1.1.0.Beta10","1.1.0.Beta11","1.1.0.Beta12","1.1.0.Beta13","1.1.0.Beta14","1.1.0.Beta15","1.1.0.Beta16","1.1.0.Beta17","1.1.0.Beta18","1.1.0.Beta19","1.1.0.Beta2","1.1.0.Beta20","1.1.0.Beta21","1.1.0.Beta22","1.1.0.Beta23","1.1.0.Beta24","1.1.0.Beta25","1.1.0.Beta26","1.1.0.Beta27","1.1.0.Beta28","1.1.0.Beta29","1.1.0.Beta3","1.1.0.Beta30","1.1.0.Beta31","1.1.0.Beta32","1.1.0.Beta33","1.1.0.Beta34","1.1.0.Beta35","1.1.0.Beta36","1.1.0.Beta37","1.1.0.Beta38","1.1.0.Beta39","1.1.0.Beta4","1.1.0.Beta40","1.1.0.Beta41","1.1.0.Beta42","1.1.0.Beta43","1.1.0.Beta44","1.1.0.Beta45","1.1.0.Beta46","1.1.0.Beta47","1.1.0.Beta48","1.1.0.Beta49","1.1.0.Beta5","1.1.0.Beta50","1.1.0.Beta51","1.1.0.Beta53","1.1.0.Beta54","1.1.0.Beta55","1.1.0.Beta6","1.1.0.Beta7","1.1.0.Beta8","1.1.0.Beta9","1.1.0.CR1","1.1.0.CR2","1.1.0.CR3","1.10.0.CR1","1.10.0.CR2","1.10.0.CR3","1.10.0.CR4","1.10.0.CR5","1.10.0.CR6","1.10.0.Final","1.10.1.Final","1.10.2.Final","1.10.3.Final","1.11.0.CR1","1.11.0.CR2","1.11.0.CR3","1.11.0.CR4","1.11.0.CR5","1.11.0.Final","1.11.1.Final","1.11.2.Final","1.2.0.Beta1","1.2.0.Beta10","1.2.0.Beta11","1.2.0.Beta12","1.2.0.Beta2","1.2.0.Beta3","1.2.0.Beta4","1.2.0.Beta5","1.2.0.Beta6","1.2.0.Beta7","1.2.0.Beta8","1.2.0.Beta9","1.2.0.Final","1.3.0.Final","1.4.0.Final","1.5.0.Final","1.5.1.Final","1.5.2.Final","1.5.3.Final","1.5.4.Final","1.5.5.Final","1.6.0.Final","1.7.0.CR1","1.7.0.CR2","1.7.0.CR3","1.7.0.Final","1.9.0.CR3","1.9.0.CR4","1.9.0.CR5","1.9.0.Final","1.9.1.Final"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10714.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}