Vulnerability	Vulnerable Version
M Incorrect Permission Assignment for Critical Resource org.codelibs.fess:fess is an Enterprise Search Server. You can install and run Fess quickly on any platforms, which have Java runtime environment. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource. Due to the `createTempFile` method in the class `SystemHelper`, which creates temporary files without explicitly setting restrictive permissions. That allowed an attacker to access sensitive data contained in temporary files. How to fix Incorrect Permission Assignment for Critical Resource? Upgrade `org.codelibs.fess:fess` to version 14.19.2 or higher.	[,14.19.2)

Incorrect Permission Assignment for Critical Resource

org.codelibs.fess:fess is an Enterprise Search Server. You can install and run Fess quickly on any platforms, which have Java runtime environment.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource. Due to the createTempFile method in the class SystemHelper, which creates temporary files without explicitly setting restrictive permissions. That allowed an attacker to access sensitive data contained in temporary files.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade org.codelibs.fess:fess to version 14.19.2 or higher.

[,14.19.2)

Go back to all versions of this package