Candidate: CVE-2012-2312
PublicDate: 2019-12-18 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2312
 https://bugzilla.redhat.com/show_bug.cgi?id=818837
Description:
 An Elevated Privileges issue exists in JBoss AS 7 Community Release due to
 the improper implementation in the security context propagation, A threat
 gets reused from the thread pool that still retains the security context
 from the process last used, which lets a local user obtain elevated
 privileges.
Ubuntu-Description:
Notes:
 sbeattie> JBoss 7 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_jbossas4:
upstream_jbossas4: needs-triage
precise_jbossas4: not-affected (7.x only)
trusty_jbossas4: not-affected (7.x only)
trusty/esm_jbossas4: DNE (trusty was not-affected [7.x only])
vivid_jbossas4: DNE
devel_jbossas4: DNE