This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new 5b76951e Added CVE-2023-34442 to Security section
5b76951e is described below
commit 5b76951ef96f8e4621ad5f61fe8665a7982d343a
Author: Andrea Cosentino <[email protected]>
AuthorDate: Fri Jul 7 11:25:07 2023 +0200
Added CVE-2023-34442 to Security section
Signed-off-by: Andrea Cosentino <[email protected]>
---
content/security/CVE-2023-34442.md | 18 ++++++++++++++++++
content/security/CVE-2023-34442.txt.asc | 27 +++++++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/content/security/CVE-2023-34442.md
b/content/security/CVE-2023-34442.md
new file mode 100644
index 00000000..6f7cd5a7
--- /dev/null
+++ b/content/security/CVE-2023-34442.md
@@ -0,0 +1,18 @@
+---
+title: "Apache Camel Security Advisory - CVE-2023-34442"
+date: 2023-07-07T11:15:42+02:00
+url: /security/CVE-2023-34442.html
+draft: false
+type: security-advisory
+cve: CVE-2023-34442
+severity: LOW
+summary: "Temporary File Local Information Disclosure in camel-jira"
+description: "The Camel-Jira FileConverter class is vulnerable to temporary
file information disclosure. If sensitive information is written to this file,
all other local users will be able to view the contents of that document."
+mitigation: "Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for
users on Camel 4.x update to 4.0.0-M1"
+credit: "This issue was discovered by Jonathan Leitschuh of the Open Source
Security Foundation: Project Alpha-Omega"
+affected: 3.0.0 up to 3.14.8, and 3.18.0 up to 3.18.7, 3.20.0 up to 3.20.5 and
4.0.0-M1 up to 4.0.0-M3
+fixed: 3.14.9, 3.18.8, 3.20.6, 3.21.0 and 4.0.0-RC1
+---
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-19421 refers to
the various commits that resovoled the issue, and have more details.
+
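Review bot: The `mitigation` field in the front matter tells Camel 4.x users to update to 4.0.0-M1, but the `affected` field in the same file lists 4.0.0-M1 up to 4.0.0-M3 as vulnerable and `fixed` names 4.0.0-RC1, so anyone following the mitigation ends up on an affected release. Suggest making the 4.x target in `mitigation` agree with `fixed`. In the body line, "resovoled" should be "resolved".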
diff --git a/content/security/CVE-2023-34442.txt.asc
b/content/security/CVE-2023-34442.txt.asc
new file mode 100644
index 00000000..a3391ae3
--- /dev/null
+++ b/content/security/CVE-2023-34442.txt.asc
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2023-34442: Temporary File Local Information Disclosure in camel-jira
+
+Severity: LOW
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: 3.0.0 up to 3.14.8, and 3.18.0 up to 3.18.7, 3.20.0 up to
3.20.5 and 4.0.0-M1 up to 4.0.0-M3
+
+Description: The Camel-Jira FileConverter class is vulnerable to temporary
file information disclosure. If sensitive information is written to this file,
all other local users will be able to view the contents of that document.
+
+Mitigation: Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for
users on Camel 4.x update to 4.0.0-M1
+
+Credit: This issue was discovered by Jonathan Leitschuh of the Open Source
Security Foundation: Project Alpha-Omega
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmSn2bgACgkQ406fOAL/
+QQDnzAf+NV4/lwUKIplIxzZfgzcO4AL6rFadd1cBSP8B5TsMK1petSrVUeB1QHuJ
+Ehv3AgQNdgw4GMJ10mZsBp21Pjbii1dH1LxC+p6Dg/xv7ODcj29FYiDCoFUUT12L
+YHmLbhMmTsHZ667PKcEKjEBOzuVMQln1tGkdSBEz1/Sfvb62cy7C74ieU7CxP68v
+9XQ7NHseoS4/aKcPB9ytOHb23hEr9dEMF1MODZeztUB8RRgTx+RRN3AOXxN9csCC
+4FnnQQ+TlaxW2lDR98DrcGci3w/Q9fcrZ6uGjzXbC/du45LixmbcTh2nwQj3Tfdd
+gqY2NPh87dCByWCe904DWArHBVKhNg==
+=eRGD
+-----END PGP SIGNATURE-----
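Review bot: The signed "Mitigation:" line repeats the 4.0.0-M1 upgrade target for Camel 4.x, which the "Versions Affected:" line of this same message lists as affected (4.0.0-M1 up to 4.0.0-M3). Because this text is clearsigned, correcting it means regenerating the signature, so it is worth fixing before the advisory is published. The signed text also omits the fixed-version list and the CAMEL-19421 reference that the .md file carries; consider adding both so the signed copy can stand on its own.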