
Description

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33.

PUBLISHED Reserved 2026-04-16 | Published 2026-06-11 | Updated 2026-06-11 | Assigner vmware

MEDIUM: 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-377: Insecure Temporary File

Product status

Default status: unaffected

4.0.0 (custom) before 4.0.7: affected

3.5.0 (custom) before 3.5.15: affected

3.4.0 (custom) before 3.4.17: affected

3.3.0 (custom) before 3.3.20: affected

2.7.0 (custom) before 2.7.34: affected

References

spring.io/security/cve-2026-41001

cve.org (CVE-2026-41001)

nvd.nist.gov (CVE-2026-41001)
