CVE-2023-0481 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-0481 PUBLISHED CVSS 3.299999952316284 LOW

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

EPSS 0.05% · 17.1th percentile

Risk Scores

CVSS v3.1

3.299999952316284

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.05%

17.1th percentile

Affected Products

Vendor	Product	Versions
quarkus	quarkus	0
n/a	Quarkus	Fixed in 2.16.1
Maven	io.quarkus.resteasy.reactive:resteasy-reactive-common	0

Timeline

Feb 24, 2023 CVE Published
Feb 24, 2023 PoC Published
Feb 25, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 5, 2023 EPSS Score
May 13, 2023 EPSS Score
Jun 21, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Sep 7, 2023 EPSS Score
Oct 15, 2023 EPSS Score
Nov 23, 2023 EPSS Score
Jan 1, 2024 EPSS Score

References

Open in Interactive Console →