Vulnerabilities > CVE-2023-0482 - Creation of Temporary File With Insecure Permissions vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

redhat

netapp

CWE-378

NVD

Published: 2023-02-17

Updated: 2025-03-18

Summary

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Resteasy 5.0.5 Redhat Resteasy 4.7.7 Redhat Resteasy 3.15.4 Redhat Resteasy 6.2.2	4
Application	Netapp Netapp Oncommand Workflow Automation - Netapp Active IQ Unified Manager -	4

Common Weakness Enumeration (CWE)

CWE-378 - Creation of Temporary File With Insecure Permissions

References

https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
https://security.netapp.com/advisory/ntap-20230427-0001/
https://security.netapp.com/advisory/ntap-20230427-0001/