CVE-2023-0482

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-0482
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0482.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-0482
Aliases
Downstream
Published
2023-02-17T22:15:11.957Z
Modified
2026-04-12T06:36:12.117529Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

References

Affected packages

Git / github.com/resteasy/resteasy

Affected ranges

Type
GIT
Repo
https://github.com/resteasy/resteasy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2e4fc7767300e5d0bd145d91c68dc8e7b8e6fd9c
Last affected
62b8bffcf144ec885bf0b1111eaa07d67f4a5205
Last affected
8f2ce4ff528414fd7a7573d82f1cd8efc4a67efe
Last affected
9931764863bd25e152a025ccf466b7fd61c75242
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.15.4"
        },
        {
            "last_affected": "4.7.7"
        },
        {
            "last_affected": "5.0.5"
        },
        {
            "last_affected": "6.2.2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:redhat:resteasy:3.15.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:resteasy:4.7.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:resteasy:5.0.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:resteasy:6.2.2:*:*:*:*:*:*:*"
    ]
}

Affected versions

3.*
3.0-beta-1
3.0-beta-2
3.0-beta-3
3.0-beta-4
3.0-beta-5
3.0-beta-6
3.0-rc-1
3.0.0.Final
3.0.1.Final
3.0.10.Final
3.0.13.Final
3.0.14.Final
3.0.15.Final
3.0.16.Final
3.0.2
3.0.20.Final
3.0.21.Final
3.0.22.Final
3.0.23.Final
3.0.24.Final
3.0.4
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.1.0.Beta1
3.1.0.Beta2
3.1.0.CR1
3.1.0.CR2
3.1.0.CR3
3.1.0.Final
3.1.1.Final
3.1.2.Final
3.1.3.Final
3.1.4.Final
3.10.0.Final
3.11.0.Final
3.12.0.Final
3.13.0.Final
3.15.0.Alpha1
3.15.2.Final
3.15.3.Final
3.15.4.Final
3.5.0.CR1
3.5.0.CR2
3.5.0.CR3
3.5.0.CR4
3.5.0.Final
3.5.1.Final
3.6.0.CR1
3.6.0.Final
3.6.1.Final
3.6.2.Final
3.6.3.Final
3.8.0.Final
4.*
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.Beta4
4.0.0.Beta5
4.0.0.Beta6
4.0.0.Beta7
4.0.0.CR1
4.0.0.CR2
4.1.0.Final
4.2.0.Final
4.3.0.Final
4.4.0.CR1
4.4.0.Final
4.4.1.Final
4.4.2.Final
4.7.0.Beta1
4.7.0.Final
4.7.1.Final
4.7.2.Final
4.7.3.Final
4.7.4.Final
4.7.5.Final
4.7.6.Final
4.7.7.Final
5.*
5.0.0.Alpha1
5.0.0.Beta1
5.0.0.Beta2
5.0.0.Beta3
5.0.0.Final
5.0.1.Final
5.0.3.Final
5.0.4.Final
5.0.5.Final
6.*
6.0.0.Beta1
6.0.0.Final
6.1.0.Alpha1
6.1.0.Beta1
6.1.0.Beta2
6.1.0.Beta3
6.1.0.Final
6.2.0.Beta1
6.2.0.Final
6.2.1.Final
6.2.2.Final

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0482.json"