ByteOS Network

jersey

Source -

CNANVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2021-28168

Assigner-Eclipse Foundation

View Details

Assigner-Eclipse Foundation

CVSS Score-6.2||MEDIUM

EPSS-0.16% / 37.26%

7 Day CHG~0.00%

Published-22 Apr, 2021 | 17:35

Updated-03 Aug, 2024 | 21:40

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.

Vendor-Oracle Corporation Eclipse Foundation AISBL

Product-communications_cloud_native_core_policy jersey communications_cloud_native_core_unified_data_repository Eclipse Jersey

CWE ID-CWE-378

Creation of Temporary File With Insecure Permissions

CWE ID-CWE-379

Creation of Temporary File in Directory with Insecure Permissions

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2014-3643

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.