Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106
Related Vulnerabilities
CVE-2018-1000014 Vulnerability in maven package org.jenkins-ci.plugins:translation
CVE-2023-30516 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter
CVE-2022-42124 Vulnerability in maven package com.liferay:com.liferay.layout.page.template.service
CVE-2010-2103 Vulnerability in maven package org.apache.axis2:axis2
CVE-2017-2610 Vulnerability in maven package org.jenkins-ci.main:jenkins-war