Bug 13741

Summary:	[CVE 21] jersey 2.28 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Yury <y.tumanov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	RESOLVED DUPLICATE	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	e.kosachev, s.matveev, v.potapov, y.tumanov
Version:	All
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2021-28168,
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Yury 2023-10-18 20:02:28 MSK

Please patch CVEs for package jersey version 2.28
  
INFO (CVEs are): jersey 2.28
 cves found
CVE-2021-28168
Desc: Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-28168
Severity: MEDIUM

Comment 1 Vladimir Potapov 2023-10-20 17:03:38 MSK


*** This bug has been marked as a duplicate of bug 13873 ***