oss-sec mailing list archives
CVE-2023-34442: Apache Camel JIRA: Temporary file information disclosure in Camel-Jira
From: Andrea Cosentino <ancosen () gmail com>
Date: Fri, 7 Jul 2023 13:21:42 +0200
Severity: low

Affected versions:

- Apache Camel JIRA 3.x through <=3.14.8
- Apache Camel JIRA 3.18.x through <=3.18.7
- Apache Camel JIRA 3.20.x through <= 3.20.5
- Apache Camel JIRA 4.x through <= 4.0.0-M3

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3.

Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1

This issue is being tracked as CAMEL-19421

Credit:

This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega (reporter)

References:

https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-34442
https://issues.apache.org/jira/browse/CAMEL-19421
https://camel.apache.org/security/CVE-2023-34442.html