PT-2023-16295 · Resteasy+4

Published: 2023-02-17 · Updated: 2025-08-12 · CVE-2023-0482

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

RESTEasy versions prior to 7.0.0.Alpha1
RESTEasy versions prior to 6.2.3.Final
RESTEasy versions prior to 5.0.6.Final
RESTEasy versions prior to 4.7.8.Final
RESTEasy versions prior to 3.15.5.Final

Description

The issue arises from the use of the insecure File.createTempFile() in the DataSourceProvider, FileProvider, and Mime4JWorkaround classes, which creates temporary files with insecure permissions. These permissions could allow a local user to read the files.

Recommendations

For versions prior to 7.0.0.Alpha1, update to 7.0.0.Alpha1 or later.
For versions prior to 6.2.3.Final, update to 6.2.3.Final or later.
For versions prior to 5.0.6.Final, update to 5.0.6.Final or later.
For versions prior to 4.7.8.Final, update to 4.7.8.Final or later.
For versions prior to 3.15.5.Final, update to 3.15.5.Final or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-09868
CVE-2023-0482
GHSA-2C6G-PFX3-W7H8
GHSA-JRMH-V64J-MJM9
RHSA-2023:1512
RHSA-2023:1513
RHSA-2023:1514
RHSA-2023:2705
RHSA-2023:2706
RHSA-2023:2707
USN-7351-1
USN-7630-1

Affected Products

Debian
Linuxmint
Resteasy
Red Os
Ubuntu