CVE-2023-0482

CWE-3789 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 84.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Resteasy

Timeline

PublishedFeb 17

Latest updateJul 10

Description

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.jboss.resteasy:resteasy-core6.0.0.Beta1 — 6.2.3.Final+3

▶Mavenorg.jboss.resteasy:resteasy-multipart-provider6.0.0.Beta1 — 6.2.3.Final+3

▶CVEListV5resteasyFixed in RESTEasy 4.7.8.Final

▶NVDredhat/resteasy4 versions+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Insecure Temporary File in RESTEasy↗2025-01-15

▶

GHSA

Insecure Temporary File in RESTEasy↗2025-01-15

▶

CVEList

CVE-2023-0482: In RESTEasy the insecure File↗2023-02-17

▶

OSV

CVE-2023-0482: In RESTEasy the insecure File↗2023-02-17

▶

📋Vendor Advisories

Ubuntu

RESTEasy vulnerabilities↗2025-07-10

▶

Ubuntu

RESTEasy vulnerabilities↗2025-03-13

▶

Red Hat

RESTEasy: creation of insecure temp files↗2023-01-31

▶

Debian

CVE-2023-0482: resteasy - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider...↗2023

▶