Insecure Temporary File

CVE-2023-33251

Severity Medium
Score 5.5/10

Summary

When Akka HTTP in versions prior to 10.5.2 accepts file uploads via the "FileUploadDirectives.fileUploadAll" directive, the temporary file it creates has overly permissive file permissions: on Linux or UNIX it is readable by other users. This is a similar issue to CVE-2022-41946.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-377 - Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.
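
The weakness described in the summary, shown as a general JVM pattern beside a hardened form. This is an added example, not Akka HTTP's code or its actual fix; the class name, method names and the `upload-` prefix are hypothetical, and a POSIX file system is assumed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Hypothetical demo class; assumes a POSIX file system (Linux/UNIX).
public class UploadTempFileDemo {

    // Weak form: java.io.File.createTempFile applies only the process umask,
    // so with a typical umask of 022 the file ends up rw-r--r--.
    static Path createWeak() throws IOException {
        return File.createTempFile("upload-", ".tmp").toPath();
    }

    // Hardened form: request owner-only permissions atomically at creation,
    // so there is no window in which other local users can open the file.
    static Path createHardened() throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        return Files.createTempFile("upload-", ".tmp", ownerOnly);
    }

    // Check usable in a test or audit: true if group or others may read the file.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    static void report(String label, Path p) throws IOException {
        try {
            System.out.printf("%-9s %s readableByOthers=%b%n", label,
                PosixFilePermissions.toString(Files.getPosixFilePermissions(p)),
                readableByOthers(p));
        } finally {
            Files.deleteIfExists(p); // clean up the demo file
        }
    }

    public static void main(String[] args) throws IOException {
        report("weak", createWeak());
        report("hardened", createHardened());
    }
}
```

A check like `readableByOthers` can back a regression test asserting that upload temporary files are owner-only.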

Advisory Timeline

  • Published