Description
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
Remediation
References