CVE-2021-22572

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
GoogleCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
googledata_transfer_project
𝑥
< 0.3.57
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-22c6-wcjm-qfjg
https://github.com/google/data-transfer-project/pull/969
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-22c6-wcjm-qfjg
https://github.com/google/data-transfer-project/pull/969