CVE-2023-0482

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0482

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0482.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0482

Aliases

GHSA-2c6g-pfx3-w7h8

Related

Published

2023-02-17T22:15:11Z

Modified

2025-02-11T01:59:37.131089Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

References

Affected packages

Debian:11 / resteasy3.0

Package

Name: resteasy3.0
Purl: pkg:deb/debian/resteasy3.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.26-2

3.0.26-3

3.0.26-4

3.0.26-5

3.0.26-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / resteasy3.0

Package

Name: resteasy3.0
Purl: pkg:deb/debian/resteasy3.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.26-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / resteasy3.0

Package

Name: resteasy3.0
Purl: pkg:deb/debian/resteasy3.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.26-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/resteasy/resteasy

Affected ranges

Type: GIT
Repo: https://github.com/resteasy/resteasy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2e4fc7767300e5d0bd145d91c68dc8e7b8e6fd9c

Last affected

62b8bffcf144ec885bf0b1111eaa07d67f4a5205

Last affected

8f2ce4ff528414fd7a7573d82f1cd8efc4a67efe

Last affected

9931764863bd25e152a025ccf466b7fd61c75242

Affected versions

3.*

3.0-beta-1

3.0-beta-2

3.0-beta-3

3.0-beta-4

3.0-beta-5

3.0-beta-6

3.0-rc-1

3.0.0.Final

3.0.1.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.2

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

3.0.4

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.1.0.Beta1

3.1.0.Beta2

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.1.0.Final

3.1.1.Final

3.1.2.Final

3.1.3.Final

3.1.4.Final

3.10.0.Final

3.11.0.Final

3.12.0.Final

3.13.0.Final

3.15.0.Alpha1

3.15.2.Final

3.15.3.Final

3.15.4.Final

3.5.0.CR1

3.5.0.CR2

3.5.0.CR3

3.5.0.CR4

3.5.0.Final

3.5.1.Final

3.6.0.CR1

3.6.0.Final

3.6.1.Final

3.6.2.Final

3.6.3.Final

3.8.0.Final

4.*

4.0.0.Beta1

4.0.0.Beta2

4.0.0.Beta3

4.0.0.Beta4

4.0.0.Beta5

4.0.0.Beta6

4.0.0.Beta7

4.0.0.CR1

4.0.0.CR2

4.1.0.Final

4.2.0.Final

4.3.0.Final

4.4.0.CR1

4.4.0.Final

4.4.1.Final

4.4.2.Final

4.7.0.Beta1

4.7.0.Final

4.7.1.Final

4.7.2.Final

4.7.3.Final

4.7.4.Final

4.7.5.Final

4.7.6.Final

4.7.7.Final

5.*

5.0.0.Alpha1

5.0.0.Beta1

5.0.0.Beta2

5.0.0.Beta3

5.0.0.Final

5.0.1.Final

5.0.3.Final

5.0.4.Final

5.0.5.Final

6.*

6.0.0.Beta1

6.0.0.Final

6.1.0.Alpha1

6.1.0.Beta1

6.1.0.Beta2

6.1.0.Beta3

6.1.0.Final

6.2.0.Beta1

6.2.0.Final

6.2.1.Final

6.2.2.Final