
14 matches found

IBM Security Bulletins
added 2025/02/07 10:25 a.m. · 22 views

Security Bulletin: Vulnerability in SpringBoot affects watsonx.data

Summary: Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2022-27772. DESCRIPTION: Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system, cause...

CVSS 7.8 · AI score 6.3 · EPSS 0.00442
Exploits: 1 · Affected Software: 1
Veracode
added 2022/11/17 10:46 a.m. · 15 views

Directory Hijacking

com.manydesigns:portofino-microservice-launcher is vulnerable to directory hijacking. A local authenticated attacker is able to create temporary files inside unauthorized directories through the createTempDir function of the file WarFileLauncher.java, resulting in disclosure of sensitive information...

CVSS 7.1 · AI score 6.2 · EPSS 0.0009
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2022/07/11 8:59 p.m. · 34 views

GHSA-CM59-PR5Q-CW85 Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot

spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. The vulnerable method is used to create a work directory for embedd...

CVSS 7.8 · AI score 7.5 · EPSS 0.00442
Exploits: 1 · References: 4
ATTACKERKB
added 2022/03/30 6:15 p.m. · 4 views

CVE-2022-27772

spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that...

CVSS 7.8 · AI score 5.9 · EPSS 0.00442
Exploits: 1 · References: 2
NVD
added 2022/03/30 6:15 p.m. · 22 views

CVE-2022-27772

spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that...

CVSS 7.8 · EPSS 0.00442
Exploits: 1 · References: 1
Prion
added 2022/03/30 6:15 p.m. · 19 views

Directory traversal

UNSUPPORTED WHEN ASSIGNED spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects...

CVSS 4.6 · AI score 7.7 · EPSS 0.00442
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/03/30 12:0 a.m. · 3 views

PT-2022-18576 · Spring +2 · Spring Boot +2

Name of the Vulnerable Software and Affected Versions: spring-boot versions prior to version v2.2.11.RELEASE Description: The issue is related to temporary directory hijacking, impacting the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. This...

CVSS 7.8 · AI score 9.1 · EPSS 0.00442
Exploits: 1 · References: 11
CNNVD
added 2022/03/30 12:0 a.m. · 2 views

VMware Spring Boot Security Vulnerability

VMware Spring Boot is an open source framework from VMware. A security vulnerability exists in VMware Spring Boot versions prior to 2.2.11, which stems from vulnerability to temporary directory hijacking...

CVSS 7.8 · AI score 7.4 · EPSS 0.00442
Exploits: 1 · References: 2
OSV
added 2022/03/18 5:50 p.m. · 53 views

GHSA-6XP6-FMC8-PMMR Temporary Directory Hijacking Vulnerability in Keycloak

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...

CVSS 7.3 · AI score 6.9 · EPSS 0.00046
Exploits: 0 · References: 4
RedHat Linux
added 2021/06/30 3:47 p.m. · 2 views

jetty: local temporary directory hijacking vulnerability

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

CVSS 7 · AI score 7.5 · EPSS 0.00072
Exploits: 1 · References: 5
RedHat Linux
added 2020/12/08 8:55 a.m. · 0 views

jetty: local temporary directory hijacking vulnerability

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

CVSS 7 · AI score 7.5 · EPSS 0.00072
Exploits: 1 · References: 5
RedHat Linux
added 2020/11/23 7:39 p.m. · 4 views

jetty: local temporary directory hijacking vulnerability

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

CVSS 7 · AI score 7.5 · EPSS 0.00072
Exploits: 1 · References: 5
PyPA
added 2020/03/11 7:15 p.m. · 5 views

PYSEC-2020-5

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

CVSS 5 · AI score 6.7 · EPSS 0.00027
Exploits: 1 · References: 8 · Affected Software: 1
CVE
added 2019/09/24 2:9 p.m. · 42 views

CVE-2019-13356

In Total Defense Anti-virus 9.0.0.773, an insecure access-control issue in the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows a local attacker to hijack bdcore.dll and escalate privileges when the AMRT service loads the DLL. The core issue is improper ac...

CVSS 7.8 · AI score 7.7 · EPSS 0.00044
Exploits: 1 · References: 2 · Affected Software: 1