Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106