CVE-2022-45787

CWE-312 — Cleartext Storage of Sensitive Info CWE-200 — Information Exposure6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 99.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache James Apache Software Foundation Apache James Mime4j

Timeline

PublishedJan 6

Latest updateJul 15

Description

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.james:apache-mime4j-storage< 0.8.9

▶CVEListV5apache_software_foundation/apache_james_mime4j0.8.8

▶NVDapache/james< 0.8.9

🔴Vulnerability Details

CVEList

Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider↗2023-01-06

▶

OSV

Apache James MIME4J vulnerable to information disclosure to local users↗2023-01-06

▶

GHSA

Apache James MIME4J vulnerable to information disclosure to local users↗2023-01-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Configuration (Apache James MIME4J) — CVE-2022-45787↗2023-07-15

▶

Red Hat

apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider↗2023-01-06

▶