Description
Improper, lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend that users upgrade to MIME4J version 0.8.9 or later.
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | ||
| Migration Toolkit for Applications 6 | org.keycloak-keycloak-parent | Not affected | ||
| Migration Toolkit for Runtimes | org.keycloak-keycloak-parent | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | apache-james-mime4j | Fix deferred | ||
| Red Hat Data Grid 8 | apache-james-mime4j | Not affected | ||
| Red Hat Decision Manager 7 | apache-james-mime4j | Out of support scope | ||
| Red Hat Fuse 7 | apache-james-mime4j | Out of support scope | ||
| Red Hat Integration Camel K 1 | apache-james-mime4j | Fix deferred | ||
| Red Hat Integration Camel Quarkus 1 | apache-james-mime4j | Will not fix | ||
| Red Hat JBoss Data Grid 7 | apache-james-mime4j | Out of support scope | ||
Additional information
Status:
EPSS
5.5 Medium
CVSS3
Related vulnerabilities
Apache James MIME4J vulnerable to information disclosure to local users