Lucene search

@huntrdevCVE-2022-1537

HistoryMay 10, 2022 - 2:15 p.m.

CVE-2022-1537

2022-05-1014:15:08

CWE-367

@huntrdev

web.nvd.nist.gov

cve-2022-1537

gruntjs

github

vulnerability

toctou

race condition

arbitrary file write

local privilege escalation

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user’s .bashrc file or replace /etc/shadow file if the GruntJS user is root.

Affected configurations

Nvd

Node

gruntjsgruntRange<1.5.3node.js

VendorProductVersionCPE
gruntjsgrunt*cpe:2.3:a:gruntjs:grunt:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
gruntjs	grunt	*	cpe:2.3:a:gruntjs:grunt::::::node.js::*

CNA Affected

[
  {
    "vendor": "gruntjs",
    "product": "gruntjs/grunt",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.5.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]