CVE-2023-0481

Published: Feb 24, 2023Modified: Mar 12, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

Affected (1)

Products: Quarkus: Quarkus

Quarkus

1 product

Quarkus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quarkus Quarkus	Before 2.16.1

Related CWEs

CWE-378

Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://github.com/quarkusio/quarkus/pull/30694

Source: secalert@redhat.com

PatchVendor Advisory

https://github.com/quarkusio/quarkus/pull/30694

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.