Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2015-8103 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-34785 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics

CVE-2014-0219 Vulnerability in maven package org.apache.karaf:org.apache.karaf.main

CVE-2023-33000 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2023-50778 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory