Vulnerabilities > CVE-2023-0481 - Exposure of Resource to Wrong Sphere vulnerability in Quarkus

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
quarkus
CWE-668

Summary

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

Vulnerable Configurations

Part Description Count
Application
Quarkus
226

Common Weakness Enumeration (CWE)