In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 2170572]
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1514
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1513
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1512
This issue has been addressed in the following products: EAP 7.4.10 release Via RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:1516
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0482
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:2706 https://access.redhat.com/errata/RHSA-2023:2706
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:2707 https://access.redhat.com/errata/RHSA-2023:2707
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:2705 https://access.redhat.com/errata/RHSA-2023:2705
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:2713 https://access.redhat.com/errata/RHSA-2023:2713
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:2710 https://access.redhat.com/errata/RHSA-2023:2710
This issue has been addressed in the following products: AMQ Broker 7.10.3 Via RHSA-2023:3185 https://access.redhat.com/errata/RHSA-2023:3185
This issue has been addressed in the following products: Red Hat build of Quarkus 2.13.8 Via RHSA-2023:3809 https://access.redhat.com/errata/RHSA-2023:3809
This issue has been addressed in the following products: RHPAM 7.13.4 async Via RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983
This issue has been addressed in the following products: Red Hat AMQ Streams 2.5.0 Via RHSA-2023:5165 https://access.redhat.com/errata/RHSA-2023:5165
This issue has been addressed in the following products: RHPAM 7.13.5 async Via RHSA-2024:1353 https://access.redhat.com/errata/RHSA-2024:1353