PT-2023-14754 · Apache · Mime4J

Jonathan Leitschuh

·

Publicado

2023-01-06

·

Atualizado

2025-09-26

·

CVE-2022-45787

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apache James MIME4J versions prior to 0.8.9
Description Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users.
Recommendations For Apache James MIME4J versions prior to 0.8.9, upgrade to MIME4j version 0.8.9 or later.

Correção

Information Disclosure

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-312

Identificadores relacionados

CVE-2022-45787
GHSA-Q84X-3476-8FF2
OESA-2025-2296
OESA-2025-2343
OESA-2025-2344
OESA-2025-2345
OESA-2025-2346
OESA-2025-2347
RHSA-2023:1512
RHSA-2023:1513
RHSA-2023:1514
RHSA-2023:2705
RHSA-2023:2706
RHSA-2023:2707

Produtos afetados

Mime4J