CVE-2023-0481

CVSS v3.1 3.3 (Low)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 1

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

Weaknesses

CWE-378: Creation of Temporary File With Insecure Permissions
CWE-668: Exposure of Resource to Wrong Sphere

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-02-24 18:15:14
(19 months ago)
Updated Date: 2023-03-07 01:44:24
(18 months ago)

Affected Products

Quarkus

Quarkus

Configuration #1

		CPE23	From	Up To
	Quarkus prior 2.16.1 version	cpe:2.3:a:quarkus:quarkus		< 2.16.1