Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2021-32620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2019-10305 Vulnerability in maven package com.xebialabs.xl-deploy:jenkins-dependendencies

CVE-2017-7678 Vulnerability in maven package org.apache.spark:spark-core_2.10

CVE-2022-43411 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin

CVE-2020-2206 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory