wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)

It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution...

admin-cli: Any local users can connect to jboss-cli

It was found that the improper default permissions on /tmp/auth directory in EAP 7 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations...