2158916 – (CVE-2022-45787) CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

Bug 2158916 (CVE-2022-45787) - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

Summary: CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-45787
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2158913
TreeView+	depends on / blocked

Reported:	2023-01-06 22:02 UTC by Chess Hazlett
Modified:	2024-12-10 22:05 UTC (History)
CC List:	106 users (show)
Fixed In Version:	mime4j 0.8.9
Clone Of:
Environment:
Last Closed:	2023-03-29 16:32:34 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:1512	None	None	None	2023-03-29 11:44:22 UTC
Red Hat Product Errata	RHSA-2023:1513	None	None	None	2023-03-29 11:42:38 UTC
Red Hat Product Errata	RHSA-2023:1514	None	None	None	2023-03-29 11:41:12 UTC
Red Hat Product Errata	RHSA-2023:1516	None	None	None	2023-03-29 11:46:10 UTC
Red Hat Product Errata	RHSA-2023:2705	None	None	None	2023-05-10 11:23:46 UTC
Red Hat Product Errata	RHSA-2023:2706	None	None	None	2023-05-10 11:22:45 UTC
Red Hat Product Errata	RHSA-2023:2707	None	None	None	2023-05-10 11:23:18 UTC
Red Hat Product Errata	RHSA-2023:2710	None	None	None	2023-05-10 14:33:06 UTC
Red Hat Product Errata	RHSA-2023:2713	None	None	None	2023-05-10 11:59:50 UTC
Red Hat Product Errata	RHSA-2023:3809	None	None	None	2023-06-29 11:09:50 UTC
Red Hat Product Errata	RHSA-2023:3815	None	None	None	2023-06-27 11:29:06 UTC

Description Chess Hazlett 2023-01-06 22:02:57 UTC

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.

https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj

Comment 5 errata-xmlrpc 2023-03-29 11:41:08 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1514

Comment 6 errata-xmlrpc 2023-03-29 11:42:34 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1513

Comment 7 errata-xmlrpc 2023-03-29 11:44:18 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1512

Comment 8 errata-xmlrpc 2023-03-29 11:46:05 UTC

This issue has been addressed in the following products:

  EAP 7.4.10 release

Via RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:1516

Comment 9 Product Security DevOps Team 2023-03-29 16:32:29 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-45787

Comment 10 errata-xmlrpc 2023-05-10 11:22:41 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2023:2706 https://access.redhat.com/errata/RHSA-2023:2706

Comment 11 errata-xmlrpc 2023-05-10 11:23:13 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2023:2707 https://access.redhat.com/errata/RHSA-2023:2707

Comment 12 errata-xmlrpc 2023-05-10 11:23:41 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2023:2705 https://access.redhat.com/errata/RHSA-2023:2705

Comment 13 errata-xmlrpc 2023-05-10 11:59:45 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2023:2713 https://access.redhat.com/errata/RHSA-2023:2713

Comment 14 errata-xmlrpc 2023-05-10 14:33:03 UTC

This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2023:2710 https://access.redhat.com/errata/RHSA-2023:2710

Comment 16 errata-xmlrpc 2023-06-27 11:29:01 UTC

This issue has been addressed in the following products:

  RHINT Service Registry 2.4.3 GA

Via RHSA-2023:3815 https://access.redhat.com/errata/RHSA-2023:3815

Comment 17 errata-xmlrpc 2023-06-29 11:09:46 UTC

This issue has been addressed in the following products:

  Red Hat build of Quarkus 2.13.8

Via RHSA-2023:3809 https://access.redhat.com/errata/RHSA-2023:3809

Note You need to log in before you can comment on or make changes to this bug.

aileenc
alazarot
anstephe
asoldano
avibelli
balejosg
bbaranow
bbuckingham
bcourt
bgeorges
bmaxwell
boliveir
brian.stansberry
btotty
cdewolf
chazlett
clement.escoffier
cmiranda
dandread
darran.lofthouse
dhanak
dkreling
dosoudil
drichtar
ecerquei
ehelms
emingora
eric.wittmann
fjuma
fmariani
fmongiar
ggainey
gjospin
gmalinko
gsmet
hamadhan
ibek
istudens
ivassile
iweiss
janstey
jcantril
jkoops
jmartisk
jnethert
jolee
jpavlik
jpoth
jrokos
jschatte
jsherril
jstastny
juwatts
jwon
kverlaen
lgao
lthon
lzap
manderse
max.andersen
mhulan
mnovotny
mosmerov
msochure
msvehla
nipatil
nmoumoul
nwallace
olubyans
orabin
pantinor
pcongius
pcreech
pdelbell
pdrozd
peholase
periklis
pesilva
pgallagh
pjindal
pmackay
porcelli
probinso
pskopek
rchan
rguimara
rjohnson
rkubis
rmartinc
rojacob
rowaters
rrajasek
rruss
rstancel
rstepani
rsvoboda
sausingh
sbiarozk
sdouglas
smaestri
smallamp
sthorger
tcunning
tom.jenkinson
tqvarnst
yfang