5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.4%
Netty is an open-source, asynchronous event-driven network application
framework for rapid development of maintainable high performance protocol
servers & clients. In Netty before version 4.1.59.Final there is a
vulnerability on Unix-like systems involving an insecure temp file. When
netty’s multipart decoders are used local information disclosure can occur
via the local system temporary directory if temporary storing uploads on
the disk is enabled. On unix-like systems, the temporary directory is
shared between all user. As such, writing to this directory using APIs that
do not explicitly set the file/directory permissions can lead to
information disclosure. Of note, this does not impact modern MacOS
Operating Systems. The method “File.createTempFile” on unix-like systems
creates a random file, but, by default will create this file with the
permissions “-rw-r–r–”. Thus, if sensitive information is written to this
file, other local users can read this information. This is the case in
netty’s “AbstractDiskHttpData” is vulnerable. This has been fixed in
version 4.1.59.Final. As a workaround, one may specify your own
“java.io.tmpdir” when you start the JVM or use
“DefaultHttpDataFactory.setBaseDir(…)” to set the directory to something
that is only readable by the current user.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | netty | < 1:4.1.7-4ubuntu0.1+esm2 | UNKNOWN |
ubuntu | 20.04 | noarch | netty | < 1:4.1.45-1ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 22.04 | noarch | netty | < 1:4.1.48-4+deb11u1build0.22.04.1 | UNKNOWN |
ubuntu | 22.10 | noarch | netty | < 1:4.1.48-5ubuntu0.1 | UNKNOWN |
ubuntu | 23.10 | noarch | netty | < 1:4.1.48-2 | UNKNOWN |
ubuntu | 14.04 | noarch | netty | < any | UNKNOWN |
ubuntu | 16.04 | noarch | netty | < 1:4.0.34-1ubuntu0.1~esm1 | UNKNOWN |
github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
launchpad.net/bugs/cve/CVE-2021-21290
nvd.nist.gov/vuln/detail/CVE-2021-21290
security-tracker.debian.org/tracker/CVE-2021-21290
ubuntu.com/security/notices/USN-6049-1
www.cve.org/CVERecord?id=CVE-2021-21290
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.4%