Description
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3065)
WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)
axios Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2025-62718)