Exposure of Resource to Wrong Sphere
CVE-2023-0481
Summary
In the RESTEasy Reactive implementation of Quarkus, the insecure "File.createTempFile()" is used in the "FileBodyHandler" class, which creates temp files with insecure permissions that could be read by a local user. The vulnerable versions are those prior to 2.16.1.Final and 3.0.0.x versions prior to 3.0.0.Alpha4.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
References
Advisory Timeline
- Published