[Bugs] [Bug 13252] New: [CVE 21] jersey 2.28 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13252

          Platform: 2021.1
            Bug ID: 13252
           Summary: [CVE 21] jersey 2.28 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2021-28168,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package jersey version 2.28  
INFO (CVEs are): jersey 2.28 cves found
CVE-2021-28168
Desc: Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a
local information disclosure vulnerability. This is due to the use of the
File.createTempFile which creates a file inside of the system temporary
directory with the permissions: -rw-r--r--. Thus the contents of this file are
viewable by all other users locally on the system. As such, if the contents
written is security sensitive, it can be disclosed to other local users.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-28168
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230502/bbccc6c9/attachment.html>