CVE-2022-21126

2022-11-2917:15:11

Google

osv.dev

cve-2022-21126

temporary file vulnerability

directory permissions

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.9%

JSON

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

CPENameOperatorVersion
htsjdkeq2.21.1
htsjdkeq1.133
htsjdkeq2.10.0
htsjdkeq1.135
htsjdkeq2.20.0
htsjdkeq2.21.0
htsjdkeq2.7.0
htsjdkeq1.118
htsjdkeq1.115
htsjdkeq2.22.0