CVE-2021-3717

7.8 HIGH

📋 TL;DR

CVE-2021-3717 is a security flaw in Wildfly's elytron configuration that incorrectly handles JBOSS_LOCAL_USER challenges. This allows any local user on the machine to gain JBOSS_LOCAL_USER access, potentially compromising confidentiality, integrity, and availability. It affects wildfly-core versions prior to 17.0.

💻 Affected Systems

Products:
  • Wildfly
  • wildfly-core
Versions: All versions prior to 17.0
Operating Systems: All operating systems running affected Wildfly versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using elytron configuration with JBOSS_LOCAL_USER authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Any local user gains administrative access to Wildfly, leading to complete system compromise, data theft, service disruption, and lateral movement within the environment.

🟠 Likely Case

Local users with legitimate access escalate privileges to gain unauthorized control over Wildfly applications and services.

🟢 If Mitigated

With proper access controls and network segmentation, impact is limited to the local machine where Wildfly runs.

🌐 Internet-Facing: LOW - This vulnerability requires local user access, not remote exploitation.
🏢 Internal Only: HIGH - Any local user on affected systems can exploit this vulnerability to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access but is straightforward once local access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: wildfly-core 17.0 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1991305

Restart Required: Yes

Instructions:

1. Upgrade wildfly-core to version 17.0 or later.
2. Restart all Wildfly services.
3. Verify the fix by checking the version and testing authentication.

🔧 Temporary Workarounds

Workaround: Disable JBOSS_LOCAL_USER authentication
Applies to: all
Description: Remove or disable the JBOSS_LOCAL_USER authentication mechanism in the elytron configuration
Steps: Edit the elytron configuration files to remove JBOSS_LOCAL_USER references

Workaround: Restrict local user access
Applies to: all
Description: Implement strict access controls to limit which users can access the Wildfly server
Steps: Use OS-level access controls to restrict user permissions

🧯 If You Can't Patch

  • Implement strict local user access controls and monitoring
  • Isolate affected systems using network segmentation

🔍 How to Verify

Check if Vulnerable:

Check wildfly-core version and verify if using elytron with JBOSS_LOCAL_USER authentication

Check Version:

$WILDFLY_HOME/bin/jboss-cli.sh --version

Verify Fix Applied:

Confirm wildfly-core version is 17.0+ and test that local users cannot gain unauthorized JBOSS_LOCAL_USER access

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized authentication attempts using JBOSS_LOCAL_USER
  • Privilege escalation events in Wildfly logs

Network Indicators:

  • Unusual local authentication patterns to Wildfly services

SIEM Query:

source="wildfly" AND (event="authentication" OR event="authorization") AND result="failure" AND user="*"
