CVE-2022-45787

CVE-2022-45787: Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

Vendor Apache Software Foundation

Product Apache James MIME4J

Weakness CWE-312 · Cleartext storage

Published January 6, 2023

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.

Key dates

Disclosure timeline

January 6, 2023 CVE published

April 9, 2025 Record updated