Exposure of Resource to Wrong Sphere
CVE-2021-22572
Summary
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is "File.createTempFile" creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. This issue affects the portability-spi-cloud package in versions prior to 0.3.57.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
References
Advisory Timeline
- Published