CVE-2023-0481
Published Jan 23, 2023
In Quarkus' RESTEasy Reactive component, the use of the File.createTempFile() method in the FileBodyHandler class causes temp files to be created with -rw-r--r-- permissions.
Affected Software
3 affected components. Fixes available:
maven/io.quarkus.resteasy.reactive:resteasy-reactive-common <3.0.0.Alpha4 (fix: 3.0.0.Alpha4)
redhat/quarkus <2.16.1 (fix: 2.16.1)
Quarkus Quarkus <2.16.1
Remediation
Patch Available
Event History
Feb 24, 2023
CVE Published, via MITRE · 12:00 AM
Data Sourced, via MITRE · 12:00 AM (Description, Weakness)
Advisory Published, 06:30 PM
Frequently Asked Questions
1. What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-0481.
2. What is the title of this vulnerability?
The title of this vulnerability is 'In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.'
3. What is the severity of CVE-2023-0481?
The severity of CVE-2023-0481 is low, with a severity value of 3.3.
4. What software is affected by CVE-2023-0481?
Quarkus versions up to 2.16.1 are affected by CVE-2023-0481.
5. How can I fix CVE-2023-0481?
To fix CVE-2023-0481, you should upgrade Quarkus to a version higher than 2.16.1.