Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106
Related Vulnerabilities
CVE-2015-8103 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-34785 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics
CVE-2014-0219 Vulnerability in maven package org.apache.karaf:org.apache.karaf.main
CVE-2023-33000 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2023-50778 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate