Lucene search

GitHub Advisory DatabaseGHSA-96VH-4RFP-C42C

HistoryNov 29, 2022 - 6:30 p.m.

HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere

2022-11-2918:30:18

CWE-668

GitHub Advisory Database

github.com

htsjdk

vulnerability

resource exposure

software

temporary file

insecure permissions

createtempdir function

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.9%

JSON

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

Affected configurations

Vulners

Node

com.github.samtools\Matchhtsjdk

CPENameOperatorVersion
com.github.samtools:htsjdklt3.0.1

CPE	Name	Operator	Version
	com.github.samtools:htsjdk	lt	3.0.1

References

github.com/advisories/GHSA-96vh-4rfp-c42c

github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772

github.com/samtools/htsjdk/pull/1617

nvd.nist.gov/vuln/detail/CVE-2022-21126

security.snyk.io/vuln/SNYK-JAVA-COMGITHUBSAMTOOLS-3149901

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for GHSA-96VH-4RFP-C42C