[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-0866":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":38,"related":39,"reserved_at":9,"published_at":40,"modified_at":41,"state":42,"summary":43,"references_raw":52,"kevs":62,"epss":63,"epss_history":66,"metrics":326,"affected":337},"CVE-2022-0866","This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The flaw is that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means that in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. 
Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-863","Incorrect Authorization","The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.","weakness","Incomplete","Class","High",[],[],[],[],[24,26,28,30,32,34,36],{"_key":25},"RHSA-2022:4918",{"_key":27},"RHSA-2022:4919",{"_key":29},"RHSA-2022:6782",{"_key":31},"RHSA-2022:6783",{"_key":33},"RHSA-2022:7409",{"_key":35},"RHSA-2022:7410",{"_key":37},"RHSA-2022:7411",[],[],"2022-05-10T20:20:35.000Z","2024-08-02T23:40:04.505Z","Analyzed",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":45,"epss_score":46,"severity":47,"severity_score":48,"severity_version":49,"severity_source":50,"severity_vector":51,"severity_status":42},false,"low",0.00272,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[53],{"url":54,"sources":55,"tags":57},"https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0",[56,50],"cve.org",[58,59,60,61],"X Refsource MISC","Issue Tracking","Mitigation","Vendor 
Advisory",[],{"date":64,"score":46,"percentile":65},"2026-06-04",0.50787,[67,71,75,78,81,83,86,89,92,95,98,101,104,107,110,114,117,120,123,126,129,132,135,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188,190,193,195,198,201,204,207,210,213,216,218,220,223,225,228,231,234,237,240,243,246,248,251,254,257,259,262,265,268,270,273,276,279,282,285,288,290,292,295,298,301,304,307,310,313,316,318,321,324],{"date":68,"score":69,"percentile":70},"2025-11-04",0.00204,0.42697,{"date":72,"score":73,"percentile":74},"2025-11-05",0.00273,0.50485,{"date":76,"score":73,"percentile":77},"2025-11-06",0.50496,{"date":79,"score":73,"percentile":80},"2025-11-07",0.50522,{"date":82,"score":73,"percentile":80},"2025-11-08",{"date":84,"score":46,"percentile":85},"2025-11-09",0.50398,{"date":87,"score":46,"percentile":88},"2025-11-10",0.50368,{"date":90,"score":46,"percentile":91},"2025-11-11",0.50381,{"date":93,"score":46,"percentile":94},"2025-11-12",0.50406,{"date":96,"score":46,"percentile":97},"2025-11-13",0.50412,{"date":99,"score":46,"percentile":100},"2025-11-14",0.5042,{"date":102,"score":46,"percentile":103},"2025-11-15",0.50413,{"date":105,"score":46,"percentile":106},"2025-11-16",0.50393,{"date":108,"score":46,"percentile":109},"2025-11-17",0.5037,{"date":111,"score":112,"percentile":113},"2025-11-18",0.00159,0.31392,{"date":115,"score":112,"percentile":116},"2025-11-19",0.31408,{"date":118,"score":112,"percentile":119},"2025-11-20",0.31403,{"date":121,"score":46,"percentile":122},"2025-11-21",0.50378,{"date":124,"score":46,"percentile":125},"2025-11-22",0.50371,{"date":127,"score":46,"percentile":128},"2025-11-23",0.50333,{"date":130,"score":46,"percentile":131},"2025-11-24",0.50321,{"date":133,"score":46,"percentile":134},"2025-11-25",0.50329,{"date":136,"score":46,"percentile":131},"2025-11-26",{"date":138,"score":46,"percentile":139},"2025-11-27",0.50327,{"date":141,"score":46,"percentile":142},"2025-11-28",0.50292,{"date":144,"score":46,"percentile":14
5},"2025-11-29",0.5027,{"date":147,"score":46,"percentile":148},"2025-11-30",0.50257,{"date":150,"score":46,"percentile":151},"2025-12-01",0.50407,{"date":153,"score":46,"percentile":154},"2025-12-02",0.50426,{"date":156,"score":46,"percentile":157},"2025-12-03",0.50423,{"date":159,"score":46,"percentile":160},"2025-12-04",0.50271,{"date":162,"score":46,"percentile":163},"2025-12-05",0.50293,{"date":165,"score":46,"percentile":166},"2025-12-06",0.5029,{"date":168,"score":46,"percentile":169},"2025-12-07",0.50281,{"date":171,"score":46,"percentile":172},"2025-12-08",0.50276,{"date":174,"score":46,"percentile":175},"2025-12-09",0.50296,{"date":177,"score":46,"percentile":178},"2025-12-10",0.50363,{"date":180,"score":46,"percentile":181},"2025-12-11",0.50382,{"date":183,"score":46,"percentile":184},"2025-12-12",0.5041,{"date":186,"score":46,"percentile":187},"2025-12-13",0.50396,{"date":189,"score":46,"percentile":122},"2025-12-14",{"date":191,"score":46,"percentile":192},"2025-12-15",0.50362,{"date":194,"score":46,"percentile":125},"2025-12-16",{"date":196,"score":46,"percentile":197},"2025-12-17",0.50399,{"date":199,"score":46,"percentile":200},"2025-12-18",0.50439,{"date":202,"score":46,"percentile":203},"2025-12-19",0.5044,{"date":205,"score":46,"percentile":206},"2025-12-20",0.50401,{"date":208,"score":46,"percentile":209},"2025-12-21",0.50374,{"date":211,"score":46,"percentile":212},"2025-12-22",0.50355,{"date":214,"score":46,"percentile":215},"2025-12-23",0.50354,{"date":217,"score":46,"percentile":192},"2025-12-24",{"date":219,"score":46,"percentile":103},"2025-12-25",{"date":221,"score":46,"percentile":222},"2025-12-26",0.50402,{"date":224,"score":46,"percentile":103},"2025-12-27",{"date":226,"score":46,"percentile":227},"2025-12-28",0.50344,{"date":229,"score":46,"percentile":230},"2025-12-29",0.50332,{"date":232,"score":46,"percentile":233},"2025-12-30",0.50328,{"date":235,"score":46,"percentile":236},"2025-12-31",0.50366,{"date":238,"score":46,"percentile":
239},"2026-01-01",0.50527,{"date":241,"score":46,"percentile":242},"2026-01-02",0.50507,{"date":244,"score":46,"percentile":245},"2026-01-03",0.50502,{"date":247,"score":46,"percentile":134},"2026-01-04",{"date":249,"score":46,"percentile":250},"2026-01-05",0.50311,{"date":252,"score":46,"percentile":253},"2026-01-06",0.50319,{"date":255,"score":46,"percentile":256},"2026-01-07",0.50331,{"date":258,"score":46,"percentile":212},"2026-01-08",{"date":260,"score":46,"percentile":261},"2026-01-09",0.50339,{"date":263,"score":46,"percentile":264},"2026-01-10",0.50335,{"date":266,"score":46,"percentile":267},"2026-01-11",0.50314,{"date":269,"score":46,"percentile":160},"2026-01-12",{"date":271,"score":46,"percentile":272},"2026-01-13",0.50247,{"date":274,"score":46,"percentile":275},"2026-01-14",0.50295,{"date":277,"score":46,"percentile":278},"2026-01-15",0.50299,{"date":280,"score":46,"percentile":281},"2026-01-16",0.5032,{"date":283,"score":46,"percentile":284},"2026-01-17",0.50298,{"date":286,"score":46,"percentile":287},"2026-01-18",0.50273,{"date":289,"score":46,"percentile":272},"2026-01-19",{"date":291,"score":46,"percentile":272},"2026-01-20",{"date":293,"score":46,"percentile":294},"2026-01-21",0.50248,{"date":296,"score":46,"percentile":297},"2026-01-22",0.50254,{"date":299,"score":46,"percentile":300},"2026-01-23",0.50304,{"date":302,"score":46,"percentile":303},"2026-01-24",0.50309,{"date":305,"score":46,"percentile":306},"2026-01-25",0.50261,{"date":308,"score":46,"percentile":309},"2026-01-26",0.50235,{"date":311,"score":46,"percentile":312},"2026-01-27",0.50239,{"date":314,"score":46,"percentile":315},"2026-01-28",0.50252,{"date":317,"score":46,"percentile":294},"2026-01-29",{"date":319,"score":46,"percentile":320},"2026-01-30",0.50251,{"date":322,"score":46,"percentile":323},"2026-01-31",0.50258,{"date":325,"score":46,"percentile":106},"2026-02-01",[327],{"source":50,"cvss_v2_0":328,"cvss_v3_0":9,"cvss_v3_1":333,"cvss_v4_0":9},{"baseScore":329,"baseSeverit
y":9,"vectorString":330,"impactScore":331,"exploitabilityScore":332},4.3,"AV:N/AC:M/Au:N/C:P/I:N/A:N",2.9,8.6,{"baseScore":48,"baseSeverity":334,"vectorString":51,"impactScore":335,"exploitabilityScore":336},"MEDIUM",2.3,10,[338,350,356],{"ecosystem":9,"name":339,"vendor":340,"product":341,"cpe_part":342,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":343},"jboss enterprise application platform","redhat","jboss_enterprise_application_platform","a",[344],{"version":345,"is_range":346,"range_type":347,"version_start":348,"version_start_type":349,"version_end":9,"version_end_type":9,"fixed_in":9},"gte7.1.0",true,"cpe","7.1.0","including",{"ecosystem":9,"name":351,"vendor":340,"product":352,"cpe_part":342,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":353},"openstack platform","openstack_platform",[354],{"version":355,"is_range":44,"range_type":347,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.0",{"ecosystem":9,"name":357,"vendor":340,"product":357,"cpe_part":342,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":358},"wildfly",[359,364],{"version":360,"is_range":346,"range_type":347,"version_start":361,"version_start_type":349,"version_end":362,"version_end_type":363,"fixed_in":9},"gte11.0.0_lt26.1.1","11.0.0","26.1.1","excluding",{"version":365,"is_range":44,"range_type":347,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"27.0.0:alpha1"]