It exists that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat wildfly |
||
redhat jboss enterprise application platform 7.0.0 |