CVE-2023-0482

MEDIUMNVD 5.55.5—

5.5

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

CVSS v3: 5.5
EG Score: 5.5(medium)
EPSS: 15.8%
KEV: Not listed

Published

February 17, 2023

Last Modified

March 18, 2025

References (4)

secalert@redhathttps://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
secalert@redhathttps://security.netapp.com/advisory/ntap-20230427-0001/
af854a3a-2127-422b-91ae-364da2661108https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20230427-0001/

Vendor Advisories for CVE-2023-0482(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

RHSA-2023:6305
Red Hat Product SecurityHigh
Red Hat Security Advisory: Migration Toolkit for Applications security update

Patch Availability(12)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
ubuntu	libresteasy-java (3.6.2-2ubuntu0.22.04.1~esm1) @ jammy	2026-05-25	ubuntu
ubuntu	libresteasy3.0-java (3.0.26-1~18.04.1~esm1) @ bionic	2026-05-25	ubuntu
redhat	RESTEasy	2024-03-18	redhat
redhat	mta/mta-windup-addon-rhel8:6.1.4-2	2023-11-06	redhat
redhat	patch	2023-09-14	redhat
redhat	rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el8sso	2023-05-10	redhat
redhat	rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el7sso	2023-05-10	redhat
redhat	rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso	2023-05-10	redhat
redhat	rh-sso-7/sso76-openshift-rhel8:7.6-22	2023-05-10	redhat
redhat	eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el8eap	2023-03-29	redhat
redhat	eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el9eap	2023-03-29	redhat
redhat	eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el7eap	2023-03-29	redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Affected Packages

(2 across 1 ecosystem)

Maven(2)

Package	Vulnerable range	Fixed in	Dependents
org.jboss.resteasy:resteasy-core	—	3.15.5.Final	—
org.jboss.resteasy:resteasy-multipart-provider	1.0-RC1 ... 3.9.3.SP1 (125 versions)	3.15.5.Final	—

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-378Creation of Temporary File With Insecure Permissions

Additional Vendor Advisories

(15)

Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.

Frequently asked(5)

What is CVE-2023-0482?

CVE-2023-0482 is a medium vulnerability published on February 17, 2023. In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

When was CVE-2023-0482 disclosed?

CVE-2023-0482 was first published in the National Vulnerability Database on February 17, 2023, with the most recent update on March 18, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2023-0482 actively exploited?

CVE-2023-0482 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 15.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2023-0482?

CVE-2023-0482 has a CVSS v3 base score of 5.5 (NVD).

How do I remediate CVE-2023-0482?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2023-0482, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2023-0482

Explore →

Is Your Infrastructure Affected by CVE-2023-0482?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs