CVE-2023-43123

Severity: 5.5 MEDIUM
EPSS: 0.0% (top 92.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23

Description

On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method File.createTempFile on Unix-like systems creates a file with a predefined name (so it is easily identifiable) and by default creates this file with the permissions -rw-r--r--. Thus, if sensitive information is writte

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

Maven | org.apache.storm:storm-core | 2.0.0 | 2.6.0
NVD | apache/storm | 2.0.0 | 2.6.0
CVEListV5 | apache_software_foundation/apache_storm | 2.0.0 | 2.6.0

🔴 Vulnerability Details (3)

CVEList | Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files | 2023-11-23
OSV | Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files | 2023-11-23
GHSA | Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files | 2023-11-23