CVE-2022-45787
Aliases:GHSA-q84x-3476-8ff2
Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 06 Jan 2023, 09:31
Last modified:09 Apr 2025, 19:32
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
v3.1 (cve.org)
EPSS Score
<0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Jan 2023, 09:31
Published
Vulnerability first disclosed
09 Apr 2025, 19:32
Last Modified
Vulnerability information updated
Description
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.01%• Percentile: 1%
Techniques & Countermeasures
- CWE-312•Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Systems
- apache software foundation•apache james mime4j
≤ 0.8.8
- apache•james
< 0.8.9
- org.apache.james•apache-mime4j-storage
< 0.8.9
References (6)
- https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj
- https://nvd.nist.gov/vuln/detail/CVE-2022-45787
- https://github.com/apache/james-mime4j/commit/021eb79ba312fe5a7f99fa867ee5350aa5533069
- https://github.com/apache/james-mime4j
- https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md#089---2022-12-30
- https://issues.apache.org/jira/browse/MIME4J-322