CVE-2023-0482
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
| Software | From | Fixed in |
|---|---|---|
org.jboss.resteasy / resteasy-core
|
6.0.0.Beta1 | 6.2.3.Final |
|
org.jboss.resteasy / resteasy-core
|
5.0.0.Alpha1 | 5.0.6.Final |
|
org.jboss.resteasy / resteasy-core
|
4.0.0.Beta1 | 4.7.8.Final |
|
org.jboss.resteasy / resteasy-multipart-provider
|
6.0.0.Beta1 | 6.2.3.Final |
|
org.jboss.resteasy / resteasy-multipart-provider
|
5.0.0.Alpha1 | 5.0.6.Final |
|
org.jboss.resteasy / resteasy-multipart-provider
|
4.0.0.Beta1 | 4.7.8.Final |
|
org.jboss.resteasy / resteasy-multipart-provider
|
- | 3.15.5.Final |
|
org.jboss.resteasy / resteasy-core
|
- | 3.15.5.Final |
| redhat / resteasy | 5.0.5 | 5.0.5.x |
| redhat / resteasy | 4.7.7 | 4.7.7.x |
| redhat / resteasy | 3.15.4 | 3.15.4.x |
| redhat / resteasy | 6.2.2 | 6.2.2.x |
- https://bugzilla.redhat.com/show_bug.cgi?id=2166004
- https://github.com/orgs/resteasy/discussions/3415
- https://github.com/orgs/resteasy/discussions/3504
- https://github.com/orgs/resteasy/discussions/3506
- https://github.com/resteasy/resteasy/pull/3409
- https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
- https://github.com/resteasy/resteasy/pull/3410
- https://github.com/resteasy/resteasy/pull/3412
- https://github.com/resteasy/resteasy/pull/3413
- https://github.com/resteasy/resteasy/pull/3423
- https://github.com/resteasy/resteasy/security/advisories/GHSA-2c6g-pfx3-w7h8
- https://issues.redhat.com/browse/RESTEASY-3286
- https://security.netapp.com/advisory/ntap-20230427-0001
- https://security.netapp.com/advisory/ntap-20230427-0001/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime