Bug 2158908 (CVE-2022-45935) - CVE-2022-45935 apache-james: Temporary File Information Disclosure
Summary: CVE-2022-45935 apache-james: Temporary File Information Disclosure
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-45935
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2158901
TreeView+ depends on / blocked
 
Reported: 2023-01-06 21:27 UTC by Chess Hazlett
Modified: 2023-11-13 11:42 UTC (History)
71 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-01-21 09:52:12 UTC
Embargoed:

Attachments (Terms of Use)

Description Chess Hazlett 2023-01-06 21:27:20 UTC 
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d
Comment 5 Product Security DevOps Team 2023-01-21 09:52:07 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-45935
Note You need to log in before you can comment on or make changes to this bug.