Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2020-2256 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

CVE-2017-15703 Vulnerability in maven package org.apache.nifi:nifi-web-security

CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-jetty8

CVE-2020-2231 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory