Skip to main content

Exposure of Resource to Wrong Sphere

CVE-2021-22572

Severity Medium
Score 5.5/10

Summary

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is "File.createTempFile" creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. This issue affects the portability-spi-cloud package in versions prior to 0.3.57.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Advisory Timeline

  • Published