CVE-2023-0482

2023-02-1700:00:00

CWE-378

redhat

www.cve.org

resteasy

file.createtempfile

datasourceprovider

fileprovider

mime4jworkaround

insecure permissions

local user

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "RESTEasy",
    "versions": [
      {
        "version": "Fixed in RESTEasy 4.7.8.Final",
        "status": "affected"
      }
    ]
  }
]