GitHub_MCVELIST:CVE-2021-21428CVE-2021-21428 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
9.3 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.8%
Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with Files.createTempFile and released in the v5.1.0 stable version.
CNA Affected
[
{
"product": "openapi-generator",
"vendor": "OpenAPITools",
"versions": [
{
"status": "affected",
"version": "< 5.1.0"
}
]
}
]Related
9.3 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.8%