Red Hat Bugzilla – Bug 1021756
CVE-2013-4452 JBoss ON: World readable configuration files expose sensitive data
Last modified: 2015-02-15 16:52:45 EST
It was identified that the JBoss Operations Network configuration files, for both the server and the agent, were world-readable by default. A malicious local user can read sensitive information regarding the installation, which includes various credentials.
This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
This issue has been addressed in the following products:
JBoss Operations Network 3.1.2
Via RHSA-2013:1762 https://rhn.redhat.com/errata/RHSA-2013-1762.html
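An added example, not part of the original bug report or Red Hat's fix: a Python audit that lists regular files under a configuration directory that the "other" permission class can read, skipping subtrees those users cannot traverse. The directory is supplied by the caller (the page names no paths), directories above it are assumed traversable, and clearing the "other" bits in `restrict` is an assumed remediation.

```python
import os
import stat
import sys


def world_readable_files(root):
    """List regular files under root that the 'other' permission class can read."""
    exposed = []
    # Without o+x on a directory, other users cannot reach anything below it.
    if not os.lstat(root).st_mode & stat.S_IXOTH:
        return exposed
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune subdirectories other users cannot traverse.
        # os.walk does not follow symlinked directories by default.
        dirnames[:] = [
            d for d in dirnames
            if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH
        ]
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Symlinks and special files are ignored; only regular files count.
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(path)
    return sorted(exposed)


def restrict(paths):
    """Assumed remediation: clear read/write/execute for 'other' on each file."""
    for path in paths:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IRWXO)
    return len(paths)


if __name__ == "__main__":
    # Usage: python audit_perms.py <config-dir>  (the path is the caller's choice)
    for found in world_readable_files(sys.argv[1]):
        print(found)
```

The audit only inspects mode bits, so it gives the same answer when run as root; it does not account for POSIX ACLs.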