Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106
Related Vulnerabilities
CVE-2021-32620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2019-10305 Vulnerability in maven package com.xebialabs.xl-deploy:jenkins-dependendencies
CVE-2017-7678 Vulnerability in maven package org.apache.spark:spark-core_2.10
CVE-2022-43411 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin
CVE-2020-2206 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder