Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106