VulnerableCode Package Details - pkg:maven/org.wildfly.core/wildfly-core-parent@2.0.0.Alpha9

Search for packages

Vulnerability	Summary	Fixed by
VCID-q6t7-9mjk-7fdd Aliases: CVE-2021-3717 GHSA-p9xf-3rm3-qh2h	Wildfly-Core user account mismanagement A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.	17.0 Affected by 0 other vulnerabilities. 17.0.0.Final Affected by 0 other vulnerabilities.
VCID-zau2-npbt-dqaf Aliases: CVE-2019-14838 GHSA-82v2-f875-73g9	Wildfly Authorization Misconfiguration A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server	7.2.5.GA Affected by 0 other vulnerabilities. 8.0.0.Beta1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-q6t7-9mjk-7fdd
Aliases:
CVE-2021-3717
GHSA-p9xf-3rm3-qh2h

Wildfly-Core user account mismanagement A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

17.0
Affected by 0 other vulnerabilities.

17.0.0.Final
Affected by 0 other vulnerabilities.

VCID-zau2-npbt-dqaf
Aliases:
CVE-2019-14838
GHSA-82v2-f875-73g9

Wildfly Authorization Misconfiguration A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

7.2.5.GA
Affected by 0 other vulnerabilities.

8.0.0.Beta1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:02:29.569290+00:00	GitLab Importer	Affected by	VCID-q6t7-9mjk-7fdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2021-3717.yml	38.4.0
2026-04-16T22:00:57.899057+00:00	GitLab Importer	Affected by	VCID-zau2-npbt-dqaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2019-14838.yml	38.4.0
2026-04-11T23:18:08.900738+00:00	GitLab Importer	Affected by	VCID-q6t7-9mjk-7fdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2021-3717.yml	38.3.0
2026-04-11T23:16:34.956905+00:00	GitLab Importer	Affected by	VCID-zau2-npbt-dqaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2019-14838.yml	38.3.0
2026-04-02T23:25:47.010992+00:00	GitLab Importer	Affected by	VCID-q6t7-9mjk-7fdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2021-3717.yml	38.1.0
2026-04-02T23:24:22.123734+00:00	GitLab Importer	Affected by	VCID-zau2-npbt-dqaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2019-14838.yml	38.1.0
2026-04-01T17:46:36.262973+00:00	GitLab Importer	Affected by	VCID-q6t7-9mjk-7fdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2021-3717.yml	38.0.0
2026-04-01T17:45:14.230750+00:00	GitLab Importer	Affected by	VCID-zau2-npbt-dqaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.core/wildfly-core-parent/CVE-2019-14838.yml	38.0.0