Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 7 Jul 2023 13:21:42 +0200
From: Andrea Cosentino <ancosen@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2023-34442: Apache Camel JIRA: Temporary file information
 disclosure in Camel-Jira

Severity: low

Affected versions:

- Apache Camel JIRA 3.x through <=3.14.8
- Apache Camel JIRA 3.18.x through <=3.18.7
- Apache Camel JIRA 3.20.x through <= 3.20.5
- Apache Camel JIRA 4.x through <= 4.0.0-M3

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
Apache Software Foundation Apache Camel.This issue affects Apache Camel:
from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X
through <= 3.20.5, from 4.X through <= 4.0.0-M3.

Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on
Camel 4.x update to 4.0.0-M1

This issue is being tracked as CAMEL-19421

Credit:

This issue was discovered by Jonathan Leitschuh of the Open Source Security
Foundation: Project Alpha-Omega (reporter)

References:

https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-34442
https://issues.apache.org/jira/browse/CAMEL-19421
https://camel.apache.org/security/CVE-2023-34442.html

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.