Description
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.
We recommend users to upgrade to MIME4j version 0.8.9 or later.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache James MIME4J | unaffected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| EAP 7.4.10 release | |||
| apache-james-mime4j | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 | RHSA-2023:1516 | 2023-03-29T00:00:00Z |
| Red Hat build of Quarkus 2.13.8.Final | |||
| org.apache.james/apache-mime4j-storage:0.8.9.redhat-00001 | cpe:/a:redhat:quarkus:2.13::el8 | RHSA-2023:3809 | 2023-06-29T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | |||
| eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 | RHSA-2023:1513 | 2023-03-29T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | |||
| eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el9eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | RHSA-2023:1514 | 2023-03-29T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | |||
| eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 | RHSA-2023:1512 | 2023-03-29T00:00:00Z |
| Red Hat Single Sign-On 7 | |||
| apache-james-mime4j | cpe:/a:redhat:red_hat_single_sign_on:7.6.3 | RHSA-2023:2713 | 2023-05-10T00:00:00Z |
| Red Hat Single Sign-On 7.6 for RHEL 7 | |||
| rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el7sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 | RHSA-2023:2705 | 2023-05-10T00:00:00Z |
| Red Hat Single Sign-On 7.6 for RHEL 8 | |||
| rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el8sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 | RHSA-2023:2706 | 2023-05-10T00:00:00Z |
| Red Hat Single Sign-On 7.6 for RHEL 9 | |||
| rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 | RHSA-2023:2707 | 2023-05-10T00:00:00Z |
| RHEL-8 based Middleware Containers | |||
| rh-sso-7/sso76-openshift-rhel8:7.6-22 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2023:2710 | 2023-05-10T00:00:00Z |
| RHINT Service Registry 2.4.3 GA | |||
| apache-james-mime4j | cpe:/a:redhat:service_registry:2.4 | RHSA-2023:3815 | 2023-06-27T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-0529 | Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. |
 Github GHSA |
GHSA-q84x-3476-8ff2 | Apache James MIME4J vulnerable to information disclosure to local users |
References
History
Wed, 09 Apr 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-04-09T19:32:09.206Z
Reserved: 2022-11-22T08:49:26.227Z
Link: CVE-2022-45787
Vulnrichment
Updated: 2024-08-03T14:17:04.186Z
NVD
Status : Modified
Published: 2023-01-06T10:15:10.383
Modified: 2025-04-09T20:15:22.730
Link: CVE-2022-45787
Redhat
OpenCVE Enrichment
No data.