PT-2021-7916 · Eclipse · Eclipse Jersey

Published: 2021-04-22 · Updated: 2024-01-12 · CVE-2021-28168

CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Eclipse Jersey versions 2.28 through 2.33
Eclipse Jersey versions 3.0.0 through 3.0.1

Description

The issue stems from the creation of temporary files with insecure permissions, which may allow a local attacker to read protected information. Jersey uses the File.createTempFile method, which creates a file in the system temporary directory with permissions that let every local user read the file's contents. If security-sensitive information is written to such a file, other local users can read it.

Recommendations

For Eclipse Jersey versions 2.28 through 2.33 and 3.0.0 through 3.0.1, update to a release outside the affected range. As a temporary workaround, restrict access to the temporary directory in which the files are created to reduce the risk of exploitation.
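The weak pattern described above beside a hardened form, as an added example that is neither Jersey's code nor its actual fix; it assumes a POSIX file system (Linux/macOS) and the usual default umask of 022, and the method and file names are illustrative.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFilePermissions {

    // Weak pattern: java.io.File.createTempFile creates the file with mode
    // 0666 masked only by the process umask, so with umask 022 the result is
    // 0644 and every local user can read whatever is written into it.
    static File weakTempFile() throws IOException {
        File f = File.createTempFile("upload-", ".tmp");
        f.deleteOnExit();
        return f;
    }

    // Hardened pattern: java.nio.file.Files.createTempFile takes explicit
    // permissions that are applied atomically at creation, so the file is
    // owner-only (rw-------) from the first instant and there is no window in
    // which another local user could open it before a chmod.
    static Path hardenedTempFile() throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
        Path p = Files.createTempFile("upload-", ".tmp",
                PosixFilePermissions.asFileAttribute(ownerOnly));
        p.toFile().deleteOnExit();
        return p;
    }

    // Check a practitioner can run against any temp file: true when group or
    // others may read or write it. Throws UnsupportedOperationException on
    // non-POSIX file systems (e.g. Windows), where this check does not apply.
    static boolean exposedToOtherUsers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.GROUP_WRITE)
            || perms.contains(PosixFilePermission.OTHERS_READ)
            || perms.contains(PosixFilePermission.OTHERS_WRITE);
    }

    public static void main(String[] args) throws IOException {
        File weak = weakTempFile();
        Path hardened = hardenedTempFile();
        System.out.println("File.createTempFile  exposed: " + exposedToOtherUsers(weak.toPath()));
        System.out.println("Files.createTempFile exposed: " + exposedToOtherUsers(hardened));
    }
}
```

With the stated umask the first line prints true and the second false; the same check can be pointed at an application's actual temp directory to confirm the workaround in the recommendations took effect.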

Weakness Enumeration

Incorrect Permission
Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2023-05326
CVE-2021-28168
GHSA-C43Q-5HPJ-4CRV
OESA-2021-1181
OESA-2024-1036
OESA-2024-1037
OESA-2024-1038
OESA-2024-1039

Affected Products

Eclipse Jersey