CVE-2021-28100

Name of the Vulnerable Software and Affected Versions: Priam (affected versions not specified)

Description: The issue arises from Priam's use of File.createTempFile, which sets the permissions on the created file to -rw-r--r--, allowing other users with read access to the local filesystem to read the contents of these files. This can lead to local information disclosure if the files contain sensitive information. The vulnerable locations include the MetaData.java, DoubleRing.java, and PostRestoreHook.java files in the Priam repository.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.