CVE-2022-45787

Cleartext Storage of Sensitive Information in maven/org.apache.james/apache-mime4j-storage

Identifiers

GHSA-q84x-3476-8ff2, CVE-2022-45787

Package Slug

maven/org.apache.james/apache-mime4j-storage

Vulnerability

Cleartext Storage of Sensitive Information

Description

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.

We recommend users to upgrade to MIME4j version 0.8.9 or later.

Affected Versions

All versions before 0.8.9

Solution

Upgrade to version 0.8.9 or above.

Last Modified

2023-11-16

source