CVE-2023-0482

EPSS 0.04%
Published 17.02.2023 22:15:11
Last modified 18.03.2025 16:15:15
Source secalert@redhat.com
Teams watchlist Login
Open Login

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Resteasy Version3.15.4

Redhat ≫ Resteasy Version4.7.7

Redhat ≫ Resteasy Version5.0.5

Redhat ≫ Resteasy Version6.2.2

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Workflow Automation Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56

Patch

https://security.netapp.com/advisory/ntap-20230427-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0482

EUVD