← Back

CVE-2023-0482

nvd nist
Published: Feb 17, 2023Modified: Mar 18, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Affected (8)

Redhat
1 product
Resteasy
Netapp
2 products
Active Iq Unified Manager
Oncommand Workflow Automation
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Resteasy
Version 3.15.4
Resteasy
Version 4.7.7
Resteasy
Version 5.0.5
Resteasy
Version 6.2.2
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Oncommand Workflow Automation
All versions

Related CWEs

CWE-378
Creation of Temporary File With Insecure Permissions
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

References (4)

Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.