Description
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
Remediation
References
https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3
http://rhn.redhat.com/errata/RHSA-2015-0235.html
http://rhn.redhat.com/errata/RHSA-2015-0234.html
Related Vulnerabilities
CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config
CVE-2017-9802 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2022-46688 Vulnerability in maven package org.jenkins-ci.plugins:sonar-gerrit
CVE-2015-8315 Vulnerability in npm package millisecond
CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext