CVE-2023-0482

EPSS 0.04%
Veröffentlicht 17.02.2023 22:15:11
Zuletzt bearbeitet 18.03.2025 16:15:15
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Resteasy Version3.15.4

Redhat ≫ Resteasy Version4.7.7

Redhat ≫ Resteasy Version5.0.5

Redhat ≫ Resteasy Version6.2.2

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Workflow Automation Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56

Patch

https://security.netapp.com/advisory/ntap-20230427-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0482

EUVD