Описание
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | RESTEasy | Fix deferred | ||
| Migration Toolkit for Runtimes | org.keycloak-keycloak-parent | Affected | ||
| Red Hat A-MQ Online | RESTEasy | Fix deferred | ||
| Red Hat build of Apicurio Registry 2 | RESTEasy | Affected | ||
| Red Hat build of Quarkus | org.jboss.resteasy/resteasy-core | Not affected | ||
| Red Hat Data Grid 8 | RESTEasy | Not affected | ||
| Red Hat Enterprise Linux 8 | resteasy | Fix deferred | ||
| Red Hat Enterprise Linux 9 | resteasy | Fix deferred | ||
| Red Hat Fuse 7 | RESTEasy | Fix deferred | ||
| Red Hat Integration Camel K 1 | RESTEasy | Not affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
In RESTEasy the insecure File.createTempFile() is used in the DataSour ...
Уязвимость программного средства RESTEasy, связанная с cозданием временных файлов с небезопасными разрешениями, позволяющая нарушителю получить доступ к конфиденциальной информации
5.3 Medium
CVSS3