PT-2023-16294 · Quarkus · Quarkus

Published

2023-02-24

Updated

2025-03-12

CVE-2023-0481

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Quarkus (affected versions not specified)

Description The issue arises from the use of the insecure File.createTempFile() in the FileBodyHandler class within the RestEasy Reactive implementation of Quarkus. This results in the creation of temporary files with insecure permissions, potentially allowing them to be read by a local user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-378CWE-668

Related Identifiers

CVE-2023-0481

GHSA-J75R-VF64-6RRH

Affected Products

Quarkus

PT-2023-16294 · Quarkus · Quarkus

CVE-2023-0481

Weakness Enumeration

Related Identifiers

Affected Products

References · 9