Lucene search

Redhat.comRH:CVE-2021-21429

HistoryApr 30, 2021 - 7:03 p.m.

CVE-2021-21429

2021-04-3019:03:48

redhat.com

access.redhat.com

cve-2021-21429

openapi generator

jdk security vulnerability

temporary files

maven plug-in

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with Files.createTempFile and released in the v5.1.0 stable version.

References

bugzilla.redhat.com/show_bug.cgi?id=1955717

nvd.nist.gov/vuln/detail/CVE-2021-21429

www.cve.org/CVERecord?id=CVE-2021-21429

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for RH:CVE-2021-21429