In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
{
"cwe_ids": [
"CWE-378"
],
"cna_assigner": "redhat",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0482.json"
}{
"source": [
"AFFECTED_FIELD",
"CPE_STRING"
],
"extracted_events": [
{
"introduced": "Fixed in RESTEasy 4.7.8.Final"
},
{
"last_affected": "Fixed in RESTEasy 4.7.8.Final"
},
{
"introduced": "3.15.4"
},
{
"last_affected": "3.15.4"
},
{
"introduced": "4.7.7"
},
{
"last_affected": "4.7.7"
},
{
"introduced": "5.0.5"
},
{
"last_affected": "5.0.5"
},
{
"introduced": "6.2.2"
},
{
"last_affected": "6.2.2"
}
],
"cpe": [
"cpe:2.3:a:redhat:resteasy:3.15.4:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:resteasy:4.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:resteasy:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:resteasy:6.2.2:*:*:*:*:*:*:*"
]
}