CVE-2023-0482

CVE-2023-0482

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Published Feb 1, 2023

Red Hat · Security advisory Red Hat · Bugzilla #2166004

CVSS ScoreMedium

5.5

Vulnerabilities

CVE-2023-0482

Published Feb 1, 2023

Red Hat · Security advisory Red Hat · Bugzilla #2166004

CVSS ScoreMedium

5.5

CVE-2023-0482 Security Details

CVE ID: CVE-2023-0482
CWE: CWE-378
NVD-CWE-Other
CVE Description: In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Published: Feb 1, 2023
CVSS Score & Severity: 5.5Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.050%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/jboss/resteasy/plugins/providers/FileProvider.readFrom(Ljava/lang/Class;Ljava/lang/reflect/Type;[Ljava/lang/annotation/Annotation;Ljakarta/ws/rs/core/MediaType;Ljakarta/ws/rs/core/MultivaluedMap;Ljava/io/InputStream;)Ljava/io/File;
JVM
org/jboss/resteasy/plugins/providers/multipart/Mime4JWorkaround$CustomTempFileStorageProvider.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File;
JVM
org/jboss/resteasy/plugins/providers/multipart/MultipartInputImpl$CustomTempFileStorageProvider.createStorageOutputStream()Lorg/apache/james/mime4j/storage/StorageOutputStream;
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Red Hat · Security advisoryTHIRD_PARTY
Red Hat · Bugzilla #2166004THIRD_PARTY

CVE-2023-0482 Security Details

CVE ID: CVE-2023-0482
CWE: CWE-378
NVD-CWE-Other
CVE Description: In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Published: Feb 1, 2023
CVSS Score & Severity: 5.5Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.050%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/jboss/resteasy/plugins/providers/FileProvider.readFrom(Ljava/lang/Class;Ljava/lang/reflect/Type;[Ljava/lang/annotation/Annotation;Ljakarta/ws/rs/core/MediaType;Ljakarta/ws/rs/core/MultivaluedMap;Ljava/io/InputStream;)Ljava/io/File;
JVM
org/jboss/resteasy/plugins/providers/multipart/Mime4JWorkaround$CustomTempFileStorageProvider.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File;
JVM
org/jboss/resteasy/plugins/providers/multipart/MultipartInputImpl$CustomTempFileStorageProvider.createStorageOutputStream()Lorg/apache/james/mime4j/storage/StorageOutputStream;
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Red Hat · Security advisoryTHIRD_PARTY
Red Hat · Bugzilla #2166004THIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2023-0482

CVE-2023-0482 Security Details

CVE-2023-0482 Security Details