PT-2023-16294 · Quarkus · Quarkus

Publicado

2023-02-24

Atualizado

2025-03-12

CVE-2023-0481

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Quarkus (affected versions not specified)

Description The issue arises from the use of the insecure File.createTempFile() in the FileBodyHandler class within the RestEasy Reactive implementation of Quarkus. This results in the creation of temporary files with insecure permissions, potentially allowing them to be read by a local user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-378CWE-668

Identificadores relacionados

CVE-2023-0481

GHSA-J75R-VF64-6RRH

Produtos afetados

Quarkus

PT-2023-16294 · Quarkus · Quarkus

CVE-2023-0481

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9