Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.
Metrics
No CVSS v4.0
Attack Vector Local
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Apache |
|
Redhat |
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
EAP 7.4.10 release | |||
apache-james-mime4j | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 | RHSA-2023:1516 | 2023-03-29T00:00:00Z |
Red Hat build of Quarkus 2.13.8.Final | |||
org.apache.james/apache-mime4j-storage:0.8.9.redhat-00001 | cpe:/a:redhat:quarkus:2.13::el8 | RHSA-2023:3809 | 2023-06-29T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | |||
eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | |||
eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | |||
eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
Red Hat Single Sign-On 7 | |||
apache-james-mime4j | cpe:/a:redhat:red_hat_single_sign_on:7.6.3 | RHSA-2023:2713 | 2023-05-10T00:00:00Z |
Red Hat Single Sign-On 7.6 for RHEL 7 | |||
rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el7sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 | RHSA-2023:2705 | 2023-05-10T00:00:00Z |
Red Hat Single Sign-On 7.6 for RHEL 8 | |||
rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el8sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 | RHSA-2023:2706 | 2023-05-10T00:00:00Z |
Red Hat Single Sign-On 7.6 for RHEL 9 | |||
rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 | RHSA-2023:2707 | 2023-05-10T00:00:00Z |
RHEL-8 based Middleware Containers | |||
rh-sso-7/sso76-openshift-rhel8:7.6-22 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2023:2710 | 2023-05-10T00:00:00Z |
RHINT Service Registry 2.4.3 GA | |||
apache-james-mime4j | cpe:/a:redhat:service_registry:2.4 | RHSA-2023:3815 | 2023-06-27T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-01-06T09:31:40.118Z
Updated: 2024-08-03T14:17:04.186Z
Reserved: 2022-11-22T08:49:26.227Z
Link: CVE-2022-45787
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-06T10:15:10.383
Modified: 2024-11-21T07:29:42.970
Link: CVE-2022-45787
Redhat