Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2021-28168

Published: 22/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Eclipse

Vulnerability Summary

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

eclipse jersey

oracle communications cloud native core policy 1.15.0

oracle communications cloud native core unified data repository 1.15.0

Vendor Advisories

Red Hat: Important: Red Hat Integration Camel-K 1.6.4 release and security update
Synopsis Important: Red Hat Integration Camel-K 164 release and security update Type/Severity Security Advisory: Important Topic A micro version update (from 163 to 164) is now available for Red Hat Integration Camel K that includes bug fixes and enhancements The purpose of this text-only errata is to inform you about the security issu ...
Red Hat: Moderate: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update
Synopsis Moderate: Red Hat Integration Camel Extensions for Quarkus 221 security update Type/Severity Security Advisory: Moderate Topic A security update to Red Hat Integration Camel Extensions for Quarkus 22 is now available The purpose of this text-only errata is to inform you about the security issues fixedRed Hat Product Security has ...
Red Hat: CVE-2021-28168
Eclipse Jersey 228 to 233 and Eclipse Jersey 300 to 301 contains a local information disclosure vulnerability This is due to the use of the FilecreateTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r-- Thus the contents of this file are viewable by all other users locally on the system A ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint
Hitachi Ops Center Analyzer contain the following vulnerabilities: CVE-2021-28168, CVE-2022-25647 Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2022-0778, CVE-2022-1552, CVE-2022-25647 Affected products and versions are listed below Please upgrade your version to the app ...

References

CWE-668https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crvhttps://github.com/eclipse-ee4j/jersey/pull/4712https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://lists.apache.org/thread.html/rd54b42edccc1b993853a9c4943a9b16db763f5e2febf6e64b7d0fe3c%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rc6221670de35b819fe191e7d8f2d17bc000549bd554020cec644b71e%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/ra3d7cd37fc794981a885332af2f8df0d873753380ea19935d6d847fc%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rc288874c330b3af9e29a1a114c5e0d24fff7a79eaa341f551535c8c0%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r4066176a7352e021d7a81af460044bde8d57f40e98f8e4a31923af3a%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r42fef440487a04cf5e487a9707ef5119d2dd5b809919f25ef4296fc4%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rafc3c4cee534f478cbf8acf91e48373e291a21151f030e8132662a7b%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r454f38e85db149869c5a92c993c402260a4f8599bf283f6cfaada972%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r96658b899fcdbf04947257d201dc5a0abdbb5fb0a8f4ec0a6c15e70f%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r6dadc8fe82071aba841d673ffadf34728bff4357796b1990a66e3af1%40%3Ccommits.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r280438f7cb4b3b1c9dfda9d7b05fa2a5cfab68618c6afee8169ecdaa%40%3Ccommits.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rdff6939e6c8dd620e20b013d9a35f57d42b3cd19e1d0483d85dfa2fd%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r305fb82e5c005143c1e2ec986a19c0a44f42189ab2580344dc955359%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/ra2722171d569370a9e15147d9f3f6138ad9a188ee879c0156aa2d73a%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/ra3290fe51b4546fac195724c4187c4cb7fc5809bc596c2f7e97606f4%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3Ehttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1029https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-126/index.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook