|
Date: Fri, 7 Jul 2023 13:21:42 +0200 From: Andrea Cosentino <ancosen@...il.com> To: oss-security@...ts.openwall.com Subject: CVE-2023-34442: Apache Camel JIRA: Temporary file information disclosure in Camel-Jira Severity: low Affected versions: - Apache Camel JIRA 3.x through <=3.14.8 - Apache Camel JIRA 3.18.x through <=3.18.7 - Apache Camel JIRA 3.20.x through <= 3.20.5 - Apache Camel JIRA 4.x through <= 4.0.0-M3 Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1 This issue is being tracked as CAMEL-19421 Credit: This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega (reporter) References: https://camel.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-34442 https://issues.apache.org/jira/browse/CAMEL-19421 https://camel.apache.org/security/CVE-2023-34442.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.