PT-2022-24976 · Manydesigns · Manydesigns Portofino
Alessiostallata
·
Published
2022-11-11
·
Updated
2022-11-15
·
CVE-2022-3952
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ManyDesigns Portofino version 5.3.2
Description
A vulnerability has been found in ManyDesigns Portofino, where the function
createTempDir of the file WarFileLauncher.java is affected. The manipulation leads to the creation of a temporary file in a directory with insecure permissions.Recommendations
For ManyDesigns Portofino version 5.3.2, upgrade to version 5.3.3 to address this issue. As a temporary workaround, consider restricting access to the
createTempDir function of the WarFileLauncher.java file until the upgrade is applied.Exploit
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Manydesigns Portofino