WildFly 30 & CVE-2023-4586

Loca4368

Oct 30, 2023, 9:00:32 PM10/30/23
to WildFly
Hi WildFly team,

We are currently upgrading WF to 30, and have noticed CVE-2023-4586 against the org.infinispan.client.hotrod module, https://access.redhat.com/security/cve/cve-2023-4586.

According to the description of the CVE itself, it seems to concern the "Hot Rod client": "A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack."

In our case, we don't use or configure the Hot Rod client in our application, and wanted to confirm: does this mean that we are not affected by / vulnerable to the above CVE?

Any help would be appreciated!

Regards,
Ming
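The CVE text quoted in the post describes a TLS client that validates the certificate chain but never checks that the certificate actually names the endpoint it is talking to. The following is an added example, not Infinispan or WildFly code and not part of the original thread: it models a client's acceptance decision with a constructed stand-in for a parsed X.509 certificate (the `Cert` class, the hostnames and the `accept` function are all assumptions made for the demonstration) and shows why, with hostname validation switched off, an on-path attacker holding any certificate issued by a trusted CA can terminate the connection, while the same certificate is rejected once hostname validation is on. The matching rules follow the usual RFC 6125 practice (exact DNS match, wildcard only as the whole leftmost label, IP targets compared against iPAddress SANs, CN consulted only when there is no SAN at all).

```python
"""Why TLS hostname validation matters: constructed demo, not Infinispan code."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass
class Cert:
    """Minimal stand-in for a parsed X.509 leaf certificate (constructed for this demo)."""
    subject_cn: str
    dns_sans: list[str] = field(default_factory=list)   # dNSName SAN entries
    ip_sans: list[str] = field(default_factory=list)    # iPAddress SAN entries
    chain_valid: bool = True  # result of path validation against the trust store


def _dns_name_match(pattern: str, hostname: str) -> bool:
    """RFC 6125 style DNS-ID match: case-insensitive, wildcard allowed only as the
    entire leftmost label, and a wildcard never spans a dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3:            # reject over-broad patterns such as "*.com"
        return False
    if len(p_labels) != len(h_labels):
        return False                 # "*.example.com" must not match "a.b.example.com"
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def hostname_matches(cert: Cert, target: str) -> bool:
    """Does `cert` identify `target`? IP literals are checked against iPAddress SANs,
    DNS names against dNSName SANs; the CN is only a fallback when no SAN exists."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ipaddress.ip_address(s) == ip for s in cert.ip_sans)
    if cert.dns_sans or cert.ip_sans:
        return any(_dns_name_match(p, target) for p in cert.dns_sans)
    return _dns_name_match(cert.subject_cn, target)


def accept(cert: Cert, target: str, hostname_validation: bool) -> bool:
    """Client-side acceptance decision for the server certificate.
    hostname_validation=False reproduces the weak behaviour described in the CVE:
    any chain-valid certificate is accepted, whoever it was issued to."""
    if not cert.chain_valid:
        return False
    if not hostname_validation:
        return True
    return hostname_matches(cert, target)


# Constructed certificates: the server the client intends to reach, and an
# attacker's certificate that a trusted CA legitimately issued for a different name.
SERVER_NAME = "cache.example.internal"
LEGIT_CERT = Cert(subject_cn=SERVER_NAME,
                  dns_sans=[SERVER_NAME, "*.cache.example.internal"])
ATTACKER_CERT = Cert(subject_cn="attacker.example.net",
                     dns_sans=["attacker.example.net"])


if __name__ == "__main__":
    for label, cert in (("legit", LEGIT_CERT), ("attacker", ATTACKER_CERT)):
        for hv in (False, True):
            print(f"{label:8s} cert, hostname_validation={hv!s:5s} -> "
                  f"accepted={accept(cert, SERVER_NAME, hv)}")
```

The first two lines of the output are the interesting ones: with validation off both certificates are accepted, so the client has no way to tell the real cache server from an interposed attacker; with validation on only the certificate naming `cache.example.internal` (directly or via the `*.cache.example.internal` wildcard) gets through.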