cvelist | Google | CVELIST:CVE-2021-22571
History: Mar 18, 2022 - 11:05 a.m.

CVE-2021-22571 Information Leak in SA360-webquery-bigquery through read on /tmp

2022-03-18 11:05:11
CWE-275
Google
www.cve.org
Tags: sa360, webquery, bigquery, information leak, local attacker, file read, /tmp folder, staging process, upgrade

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.5
Confidence: High

EPSS: 0
Percentile: 5.1%

A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during the staging process, before the files are loaded into BigQuery. We recommend upgrading to version 1.0.3 or above.

CNA Affected

[
  {
    "product": "google/sa360-webquery-bigquery",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThanOrEqual": "1.0.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
