Exposure of Resource to Wrong Sphere
CVE-2022-27772
Summary
spring-boot 2.x prior to 2.2.11.RELEASE and 2.3.x prior to 2.3.5.RELEASE is vulnerable to temporary directory hijacking. This vulnerability impacted the "org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir" method.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
References
Advisory Timeline
- Published