-
Bug
-
Resolution: Done
-
Blocker
-
7.0.0.DR8
-
None
Server logs sensitive information into a world readable audit.log file. This information could be used by a local attacker to gain otherwise protected information about user sessions etc.
This issue was originally reported as CVE in https://bugzilla.redhat.com/show_bug.cgi?id=1063642. EAP 6.x branches are fixed but same issue occurs in EAP 7 again.
- is cloned by
-
WFCORE-885 World readable audit.log file
- Resolved