CVE-2023-0481

EPSS 0.03%
Published 24.02.2023 18:15:14
Last modified 12.03.2025 16:15:18
Source secalert@redhat.com
Teams watchlist Login
Open Login

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Quarkus ≫ Quarkus Version < 2.16.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.075

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://github.com/quarkusio/quarkus/pull/30694

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0481

EUVD