Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106