Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106