Exposure of Resource to Wrong Sphere

CVE-2023-0481

Severity Low
Score 3.3/10

Summary

In the RESTEasy Reactive implementation of Quarkus, the insecure "File.createTempFile()" is used in the "FileBodyHandler" class, which creates temp files with insecure permissions that could be read by a local user. The vulnerable versions are those prior to 2.16.1.Final, and 3.0.0.x versions prior to 3.0.0.Alpha4.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Advisory Timeline

  • Published