CVE-2023-0482 Overview
A local information disclosure vulnerability exists in RESTEasy where the insecure File.createTempFile() method is used in the DataSourceProvider, FileProvider, and Mime4JWorkaround classes. This creates temporary files with insecure permissions that could be read by a local user, potentially exposing sensitive data processed by RESTEasy-based applications.
Critical Impact
Local attackers with low privileges can read sensitive data from temporary files created by RESTEasy applications due to insecure file permissions.
Affected Products
- Red Hat RESTEasy versions 3.15.4, 4.7.7, 5.0.5, and 6.2.2
- NetApp Active IQ Unified Manager (Linux, vSphere, Windows)
- NetApp OnCommand Workflow Automation
Discovery Timeline
- 2023-02-17 - CVE-2023-0482 published to NVD
- 2025-03-18 - Last updated in NVD database
Technical Details for CVE-2023-0482
Vulnerability Analysis
This vulnerability stems from the use of Java's deprecated File.createTempFile() method within RESTEasy's file handling components. When RESTEasy processes certain requests that require temporary file storage—such as multipart form data or data source operations—it creates temporary files using this insecure method. The core issue is that File.createTempFile() creates files with default permissions that may allow read access to other local users on the system, depending on the operating system's default umask settings.
The affected classes—DataSourceProvider, FileProvider, and Mime4JWorkaround—are integral to RESTEasy's request processing pipeline and handle various data transformation and storage operations. Any sensitive data processed through these providers could be temporarily written to disk with overly permissive access controls.
Root Cause
The root cause is the use of the legacy File.createTempFile() API instead of the more secure java.nio.file.Files.createTempFile() method introduced in Java 7. The newer NIO.2 API allows explicit specification of file attributes and permissions during file creation, enabling secure-by-default temporary file creation with restricted permissions. The vulnerable code path does not properly restrict file permissions, violating the principle of least privilege for temporary file access (CWE-378: Creation of Temporary File With Insecure Permissions).
Attack Vector
The attack requires local access to the system running a RESTEasy-based application. An attacker with a local user account can monitor the temporary directory (typically /tmp on Linux or %TEMP% on Windows) for newly created temporary files. When RESTEasy processes requests containing sensitive data, the attacker can read the contents of these temporary files before they are deleted, potentially exposing confidential information such as uploaded files, session data, or application-specific sensitive content.
The attack exploits a race condition window between file creation and deletion, combined with the insecure default permissions. On multi-user systems or shared hosting environments, this poses a significant confidentiality risk.
Detection Methods for CVE-2023-0482
Indicators of Compromise
- Unexpected access to temporary files in /tmp or system temp directories by non-application users
- Audit log entries showing file reads on RESTEasy temporary files by unauthorized local accounts
- Suspicious monitoring processes watching temporary directories for new file creation
Detection Strategies
- Monitor file access patterns in temporary directories for applications using RESTEasy
- Implement file integrity monitoring on temp directories to detect unauthorized reads
- Review application logs for unusual data processing patterns that may indicate exploitation
- Use process monitoring to detect local users accessing application temp files
Monitoring Recommendations
- Enable auditd or equivalent file access auditing on Linux systems for temp directories
- Configure SentinelOne's behavioral AI to detect suspicious temp file access patterns
- Implement real-time alerting for unauthorized file access attempts on RESTEasy temp files
- Monitor for reconnaissance activities targeting temporary file locations
How to Mitigate CVE-2023-0482
Immediate Actions Required
- Upgrade RESTEasy to a patched version that addresses the insecure temp file creation
- Review and restrict file permissions on temporary directories where possible
- Implement restrictive umask settings for application processes running RESTEasy
- Limit local user access on servers running RESTEasy-based applications
Patch Information
Red Hat has addressed this vulnerability through a code fix that replaces the insecure File.createTempFile() calls with secure alternatives. The fix is available in the RESTEasy GitHub commit. NetApp customers should consult the NetApp Security Advisory NTAP-20230427-0001 for guidance on affected products.
Workarounds
- Configure a dedicated temporary directory with restrictive permissions (700) for RESTEasy applications
- Run RESTEasy applications under a dedicated service account with no shared access
- Implement filesystem-level access controls to isolate application temp directories
- Consider containerization to provide process isolation and separate temp filesystems
# Configuration example - Secure temp directory for RESTEasy application
mkdir -p /opt/resteasy-app/tmp
chmod 700 /opt/resteasy-app/tmp
chown appuser:appgroup /opt/resteasy-app/tmp
# Set Java temp directory for the application
export JAVA_OPTS="-Djava.io.tmpdir=/opt/resteasy-app/tmp"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
