Posted to commits@camel.apache.org by ac...@apache.org on 2023/07/07 09:25:35 UTC

[camel-website] 01/01: Added CVE-2023-34442 to Security section

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch CVE-2023-34442
in repository https://gitbox.apache.org/repos/asf/camel-website.git

commit e9e71a061c8a2a082b3f743101000349c961fcc0
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri Jul 7 11:25:07 2023 +0200

    Added CVE-2023-34442 to Security section
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 content/security/CVE-2023-34442.md      | 18 ++++++++++++++++++
 content/security/CVE-2023-34442.txt.asc | 27 +++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/content/security/CVE-2023-34442.md b/content/security/CVE-2023-34442.md
new file mode 100644
index 00000000..6f7cd5a7
--- /dev/null
+++ b/content/security/CVE-2023-34442.md
@@ -0,0 +1,18 @@
+---
+title: "Apache Camel Security Advisory - CVE-2023-34442"
+date: 2023-07-07T11:15:42+02:00
+url: /security/CVE-2023-34442.html
+draft: false
+type: security-advisory
+cve: CVE-2023-34442
+severity: LOW
+summary: "Temporary File Local Information Disclosure in camel-jira"
+description: "The Camel-Jira FileConverter class is vulnerable to temporary file information disclosure. If sensitive information is written to this file, all other local users will be able to view the contents of that document."
+mitigation: "Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1"
+credit: "This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega"
+affected: 3.0.0 up to 3.14.8, and 3.18.0 up to 3.18.7, 3.20.0 up to 3.20.5 and 4.0.0-M1 up to 4.0.0-M3
+fixed: 3.14.9, 3.18.8, 3.20.6, 3.21.0 and 4.0.0-RC1
+---
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-19421 refers to the various commits that resovoled the issue, and have more details.
+
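Review bot: The `mitigation` line tells Camel 4.x users to update to 4.0.0-M1, but the `affected` line lists 4.0.0-M1 up to 4.0.0-M3 as vulnerable and the `fixed` line names 4.0.0-RC1. The mitigation should point 4.x users at 4.0.0-RC1 so the three fields agree. In the body sentence, "resovoled" should be "resolved", and "have more details" reads better as "has more details" if the ticket is the intended subject.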
diff --git a/content/security/CVE-2023-34442.txt.asc b/content/security/CVE-2023-34442.txt.asc
new file mode 100644
index 00000000..a3391ae3
--- /dev/null
+++ b/content/security/CVE-2023-34442.txt.asc
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2023-34442: Temporary File Local Information Disclosure in camel-jira
+
+Severity: LOW
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: 3.0.0 up to 3.14.8, and 3.18.0 up to 3.18.7, 3.20.0 up to 3.20.5 and 4.0.0-M1 up to 4.0.0-M3
+
+Description: The Camel-Jira FileConverter class is vulnerable to temporary file information disclosure. If sensitive information is written to this file, all other local users will be able to view the contents of that document.
+
+Mitigation: Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
+
+Credit: This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmSn2bgACgkQ406fOAL/
+QQDnzAf+NV4/lwUKIplIxzZfgzcO4AL6rFadd1cBSP8B5TsMK1petSrVUeB1QHuJ
+Ehv3AgQNdgw4GMJ10mZsBp21Pjbii1dH1LxC+p6Dg/xv7ODcj29FYiDCoFUUT12L
+YHmLbhMmTsHZ667PKcEKjEBOzuVMQln1tGkdSBEz1/Sfvb62cy7C74ieU7CxP68v
+9XQ7NHseoS4/aKcPB9ytOHb23hEr9dEMF1MODZeztUB8RRgTx+RRN3AOXxN9csCC
+4FnnQQ+TlaxW2lDR98DrcGci3w/Q9fcrZ6uGjzXbC/du45LixmbcTh2nwQj3Tfdd
+gqY2NPh87dCByWCe904DWArHBVKhNg==
+=eRGD
+-----END PGP SIGNATURE-----
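Review bot: The signed "Mitigation:" line repeats the instruction to update Camel 4.x to 4.0.0-M1, while "Versions Affected:" in the same message covers 4.0.0-M1 up to 4.0.0-M3, and unlike the .md file this text carries no fixed-versions line to resolve the conflict. Because the file is a clearsigned message, correcting the wording means regenerating the signature over the new text, so the mitigation should be fixed and the file re-signed before this is merged rather than patched afterwards.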