Description
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2014-9653)
WordPress Plugin YITH WooCommerce Brands Add-On Security Bypass (1.3.6)
WordPress Plugin KJM Admin Notices Cross-Site Scripting (2.0.1)
SharePoint Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-1103)
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476)