Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
CVE-2022-45787
5.5MEDIUM
Summary
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.
Affected Version(s)
Apache James MIME4J 0 <= 0.8.8
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jonathan Leitschuh