-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2023-34442: Temporary File Local Information Disclosure in camel-jira

Severity: LOW

Vendor: The Apache Software Foundation

Versions Affected: 3.0.0 up to 3.14.8, and 3.18.0 up to 3.18.7, 3.20.0 up to 3.20.5 and 4.0.0-M1 up to 4.0.0-M3

Description: The Camel-Jira FileConverter class is vulnerable to temporary file information disclosure. If sensitive information is written to this file, all other local users will be able to view the contents of that document.

Mitigation: Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1

Credit: This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmSn2bgACgkQ406fOAL/
QQDnzAf+NV4/lwUKIplIxzZfgzcO4AL6rFadd1cBSP8B5TsMK1petSrVUeB1QHuJ
Ehv3AgQNdgw4GMJ10mZsBp21Pjbii1dH1LxC+p6Dg/xv7ODcj29FYiDCoFUUT12L
YHmLbhMmTsHZ667PKcEKjEBOzuVMQln1tGkdSBEz1/Sfvb62cy7C74ieU7CxP68v
9XQ7NHseoS4/aKcPB9ytOHb23hEr9dEMF1MODZeztUB8RRgTx+RRN3AOXxN9csCC
4FnnQQ+TlaxW2lDR98DrcGci3w/Q9fcrZ6uGjzXbC/du45LixmbcTh2nwQj3Tfdd
gqY2NPh87dCByWCe904DWArHBVKhNg==
=eRGD
-----END PGP SIGNATURE-----