-
Notifications
You must be signed in to change notification settings - Fork 170
/
CVE-2023-34442.txt.asc
27 lines (19 loc) · 1.21 KB
/
CVE-2023-34442.txt.asc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
CVE-2023-34442: Temporary File Local Information Disclosure in camel-jira
Severity: LOW
Vendor: The Apache Software Foundation
Versions Affected: 3.0.0 up to 3.14.8, and 3.18.0 up to 3.18.7, 3.20.0 up to 3.20.5 and 4.0.0-M1 up to 4.0.0-M3
Description: The Camel-Jira FileConverter class is vulnerable to temporary file information disclosure. If sensitive information is written to this file, all other local users will be able to view the contents of that document.
Mitigation: Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
Credit: This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmSn2bgACgkQ406fOAL/
QQDnzAf+NV4/lwUKIplIxzZfgzcO4AL6rFadd1cBSP8B5TsMK1petSrVUeB1QHuJ
Ehv3AgQNdgw4GMJ10mZsBp21Pjbii1dH1LxC+p6Dg/xv7ODcj29FYiDCoFUUT12L
YHmLbhMmTsHZ667PKcEKjEBOzuVMQln1tGkdSBEz1/Sfvb62cy7C74ieU7CxP68v
9XQ7NHseoS4/aKcPB9ytOHb23hEr9dEMF1MODZeztUB8RRgTx+RRN3AOXxN9csCC
4FnnQQ+TlaxW2lDR98DrcGci3w/Q9fcrZ6uGjzXbC/du45LixmbcTh2nwQj3Tfdd
gqY2NPh87dCByWCe904DWArHBVKhNg==
=eRGD
-----END PGP SIGNATURE-----