Vulnerability — CVE-2021-28168

CVE-2021-28168

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-28168
Description:: Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
Last updated date:: 07/29/2022

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/03/2022
Reference url to background: https://lists.apache.org/thread.html/r280438f7cb4b3b1c9dfda9d7b05fa2a5cfab68618c6afee8169ecdaa@%3Ccommits.kafka.apache.org%3E

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/03/2022
Reference url to background: https://lists.apache.org/thread.html/r6dadc8fe82071aba841d673ffadf34728bff4357796b1990a66e3af1@%3Ccommits.kafka.apache.org%3E