CVE-2023-0482
MEDIUM5.5EPSS 0.05%Insecure Temporary File in RESTEasy
Published: 1/15/2025Modified: 4/28/2026
Description
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Affected packages (3)
- Debian/resteasy3.0from 0
- Maven/org.jboss.resteasy:resteasy-core>= 6.0.0.Beta1, < 6.2.3.Final
- Maven/org.jboss.resteasy:resteasy-multipart-provider>= 6.0.0.Beta1, < 6.2.3.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (16)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-0482
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-0482
- PATCHhttps://github.com/resteasy/resteasy
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2166004
- WEBhttps://github.com/orgs/resteasy/discussions/3415
- WEBhttps://github.com/orgs/resteasy/discussions/3504
- WEBhttps://github.com/orgs/resteasy/discussions/3506
- WEBhttps://github.com/resteasy/resteasy/pull/3409
- WEBhttps://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
- WEBhttps://github.com/resteasy/resteasy/pull/3410
- WEBhttps://github.com/resteasy/resteasy/pull/3412
- WEBhttps://github.com/resteasy/resteasy/pull/3413
- WEBhttps://github.com/resteasy/resteasy/pull/3423
- WEBhttps://github.com/resteasy/resteasy/security/advisories/GHSA-2c6g-pfx3-w7h8
- WEBhttps://issues.redhat.com/browse/RESTEASY-3286
- WEBhttps://security.netapp.com/advisory/ntap-20230427-0001