VYPR
Low severity · NVD Advisory · Published Jul 10, 2023 · Updated Oct 7, 2024

Apache Camel JIRA: Temporary file information disclosure in Camel-Jira

CVE-2023-34442

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3.

Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0, and users on Camel 4.x should update to 4.0.0-M1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apache Camel Jira component exposes temporary file path and may leak sensitive data via insecure temp file creation (CVE-2023-34442).

Apache Camel before versions 3.14.9, 3.18.8, 3.20.6, 3.21.0, and 4.0.0-M1 contains an information exposure vulnerability in the FileConverter utility of the camel-jira component [1]. The bug was in the genericToFile method, which wrote byte array content to a file in the system temporary directory using new File(destDir, genericFile.getFileName()) without proper sanitization [4]. This allowed an attacker who could control the GenericFile filename (e.g., via a JIRA attachment) to create a file at a predictable or attacker-specified location, potentially revealing the temporary path structure or overwriting files [2].

The attack requires the attacker to send a crafted message to a Camel route that uses the Jira component and triggers a file conversion (e.g., processing an attachment). No authentication is required beyond access to the messaging endpoint [1]. The insecure file creation could lead to a path traversal scenario if the filename contains directory traversal sequences, although the code attempted a jail check (getCanonicalPath().startsWith(destDir)) which could be bypassed in some environments [4]. The file was also marked for deletion on JVM exit, but not immediately after use, creating a race condition [2, 4].

A successful exploit could allow an unauthenticated actor to obtain the system's temporary directory path, or in worst-case scenarios, write files to arbitrary locations if the jail check is bypassed, leading to local information disclosure or potential code execution in limited contexts [1]. The vulnerability is rated as information exposure to an unauthorized actor.

The fix involves using Files.createTempFile(prefix, suffix, attrs) to generate a secure, randomized temporary filename and immediately writing content, then scheduling deletion on exit [4]. Users must upgrade to the fixed versions: 3.14.9, 3.18.8, 3.20.6, 3.21.0, or 4.0.0-M1 [1]. Affected versions include 3.X through 3.14.8, 3.18.X through 3.18.7, 3.20.X through 3.20.5, and 4.X through 4.0.0-M3 [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
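The fix pattern the narrative describes, written out as an added example (not Camel's code; the class SafeTempFile and its methods safeSuffix and writeToTemp are hypothetical names). It goes one step beyond the commit by using a constant prefix, so the remote file name never reaches the filesystem namespace, and by deleting the file right after use instead of on JVM exit.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

// Hypothetical hardened counterpart of the camel-jira byte[] -> File conversion
// (example code, not Camel's). Compared with the pre-fix code described above, the
// remote attachment name is never used as a path component (at most a whitelisted
// extension survives as the suffix); Files.createTempFile picks a random name and,
// on POSIX, creates the file atomically with owner-only permissions; and the caller
// deletes the file when done instead of waiting for JVM exit.
public final class SafeTempFile {

    // Keep a plain alphanumeric extension such as ".pdf"; anything else becomes ".bin".
    static String safeSuffix(String remoteName) {
        if (remoteName == null) return ".bin";
        int dot = remoteName.lastIndexOf('.');
        if (dot < 0 || dot == remoteName.length() - 1) return ".bin";
        String ext = remoteName.substring(dot + 1);
        return ext.matches("[A-Za-z0-9]{1,10}") ? "." + ext : ".bin";
    }

    // Write untrusted bytes to a fresh temp file whose name the sender cannot choose.
    static Path writeToTemp(String remoteName, byte[] content) throws IOException {
        // constant prefix: the name is "camel-jira-<random><suffix>", never remoteName
        Path path = Files.createTempFile("camel-jira-", safeSuffix(remoteName));
        try {
            // the file already exists and is empty, so CREATE is not needed
            Files.write(path, content, StandardOpenOption.WRITE,
                    StandardOpenOption.TRUNCATE_EXISTING);
        } catch (IOException e) {
            Files.deleteIfExists(path); // do not leave a half-written file behind
            throw e;
        }
        return path;
    }

    public static void main(String[] args) throws IOException {
        // constructed sample input: an attachment name carrying traversal sequences
        byte[] body = "sample attachment body".getBytes(StandardCharsets.UTF_8);
        Path p = writeToTemp("../../etc/passwd", body);
        try {
            System.out.println("suffix used: " + safeSuffix("../../etc/passwd"));
            System.out.println("written " + Files.size(p) + " bytes to " + p);
        } finally {
            Files.deleteIfExists(p); // explicit cleanup instead of deleteOnExit
        }
    }
}
```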

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                        Ecosystem   Affected versions          Patched versions
org.apache.camel:camel-jira    Maven       >= 3.0.0-M3, < 3.14.9      3.14.9
org.apache.camel:camel-jira    Maven       >= 3.15.0, < 3.18.8        3.18.8
org.apache.camel:camel-jira    Maven       >= 3.20.0, < 3.20.6        3.20.6
org.apache.camel:camel-jira    Maven       >= 4.0.0-M1, < 4.0.0-RC1   4.0.0-RC1

Affected products

3 products
  • Apache / Apache Camel [llm-create], 2 versions
    • (no CPE) range: >=3.0.0, <=3.14.8 OR >=3.18.0, <=3.18.7 OR >=3.20.0, <=3.20.5 OR >=4.0.0-M1, <=4.0.0-M3
    • (no CPE) range: 3.x
  • ghsa-coords
    Range: >= 3.0.0-M3, < 3.14.9

Patches

1 patch
b61d5b6be4f9

CAMEL-19421 - Camel-Jira: Use Files.createTempFile in FileConverter instead of creating File directly

https://github.com/apache/camel · Andrea Cosentino · Jun 6, 2023 · via ghsa
1 file changed · +6 −12
  • components/camel-jira/src/main/java/org/apache/camel/component/jira/FileConverter.java (+6 −12, modified)
    @@ -19,6 +19,7 @@
     import java.io.File;
     import java.io.IOException;
     import java.nio.file.Files;
    +import java.nio.file.Path;
     import java.nio.file.StandardOpenOption;
     
     import org.apache.camel.Converter;
    @@ -34,20 +35,13 @@ private FileConverter() {
         @Converter
         public static File genericToFile(GenericFile<File> genericFile, Exchange exchange) throws IOException {
             Object body = genericFile.getBody();
    -        File file;
    +        File file = null;
    +        Path path;
             if (body instanceof byte[]) {
                 byte[] bos = (byte[]) body;
    -            String destDir = System.getProperty("java.io.tmpdir");
    -            if (destDir != null && !destDir.endsWith(File.separator)) {
    -                destDir += File.separator;
    -            }
    -            file = new File(destDir, genericFile.getFileName());
    -            if (!file.getCanonicalPath().startsWith(destDir)) {
    -                throw new IOException("File is not jailed to the destination directory");
    -            }
    -            Files.write(file.toPath(), bos, StandardOpenOption.CREATE);
    -            // delete the temporary file on exit, as other routing may need the file for post processing
    -            file.deleteOnExit();
    +            path = Files.createTempFile(genericFile.getFileName(), null, null);
    +            Files.write(path, bos, StandardOpenOption.CREATE);
    +            path.toFile().deleteOnExit();
             } else {
                 file = (File) body;
             }
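Review bot: in the byte[] branch `file` is never assigned from `path`, so unless the return statement below this hunk (not shown) was also changed to use `path`, genericToFile now returns null for byte-array bodies; `file = path.toFile(); file.deleteOnExit();` would keep the original contract. Two smaller points: passing genericFile.getFileName() as the prefix of Files.createTempFile means a name containing a path separator is rejected with an unchecked IllegalArgumentException rather than the IOException the method declares, and the remote name still appears in the temp-directory listing, so a fixed prefix such as "camel-jira-" is the safer choice; and since createTempFile has already created the (empty) file, StandardOpenOption.CREATE on the Files.write call is redundant, though harmless.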
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
