CVE-2023-0482

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-378
View all →

Vulnerability Description

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Related Vulnerabilities

CVE-2021-21290

MEDIUM
CVSS:5.5(Medium)

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final...

CWE-3782021

CVE-2021-28168

MEDIUM
CVSS:5.5(Medium)

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of th...

CWE-3782021

CVE-2022-24823

MEDIUM
CVSS:5.5(Medium)

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290....

CWE-3782022

CVE-2023-28600

MEDIUM
CVSS:5.4(Medium)

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and ava...

CWE-3782023

CVE-2023-26603

MEDIUM
CVSS:5.9(Medium)

JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.

CWE-3782023

CVE-2025-32979

MEDIUM
CVSS:6.5(Medium)

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.

CWE-3782025