PT-2023-16295 · Resteasy+4

Published: 2023-02-17 · Updated: 2025-08-12 · CVE-2023-0482

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

RESTEasy versions prior to 7.0.0.Alpha1
RESTEasy versions prior to 6.2.3.Final
RESTEasy versions prior to 5.0.6.Final
RESTEasy versions prior to 4.7.8.Final
RESTEasy versions prior to 3.15.5.Final

Description

The issue arises from the use of the insecure File.createTempFile() in the DataSourceProvider, FileProvider, and Mime4JWorkaround classes, which creates temporary files with insecure permissions. These permissions could allow a local user to read the files.

Recommendations

For versions prior to 7.0.0.Alpha1, update to 7.0.0.Alpha1 or later.
For versions prior to 6.2.3.Final, update to 6.2.3.Final or later.
For versions prior to 5.0.6.Final, update to 5.0.6.Final or later.
For versions prior to 4.7.8.Final, update to 4.7.8.Final or later.
For versions prior to 3.15.5.Final, update to 3.15.5.Final or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-09868
CVE-2023-0482
GHSA-2C6G-PFX3-W7H8
GHSA-JRMH-V64J-MJM9
RHSA-2023:1512
RHSA-2023:1513
RHSA-2023:1514
RHSA-2023:2705
RHSA-2023:2706
RHSA-2023:2707
USN-7351-1
USN-7630-1

Affected Products

Debian
Linuxmint
Resteasy
Red Os
Ubuntu