Skip to main content

Creation of Temporary File With Insecure Permissions

CVE-2023-0482

Severity Medium
Score 5.5/10

Summary

In RESTEasy the insecure "File.createTempFile()" is used in the "DataSourceProvider", "FileProvider" and "Mime4JWorkaround" classes which creates temp files with insecure permissions that could be read by a local user. This vulnerability affects versions prior to 3.15.6.Final, 4.x prior to 4.7.9.Final, 5.x prior to 5.0.6.Final and 6.x prior to 6.2.3.Final.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-378 - Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Advisory Timeline

  • Published