Red Hat JBossEAP: Creation of Temporary File With Insecure Permissions (CVE-2023-0482)

Red Hat JBossEAP: Creation of Temporary File With Insecure Permissions (CVE-2023-0482)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

01/31/2023

Created

09/20/2024

Added

09/19/2024

Modified

12/20/2024

Description

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Solution(s)

• red-hat-jboss-eap-upgrade-latest

References

• https://attackerkb.com/topics/cve-2023-0482
• CVE - 2023-0482
• https://access.redhat.com/security/cve/CVE-2023-0482
• https://bugzilla.redhat.com/show_bug.cgi?id=2166004
• https://access.redhat.com/errata/RHSA-2023:1512
• https://access.redhat.com/errata/RHSA-2023:1513
• https://access.redhat.com/errata/RHSA-2023:1514
• https://access.redhat.com/errata/RHSA-2023:1516

View more