Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-29429
HistoryApr 12, 2021 - 12:00 a.m.

CVE-2021-29429

2021-04-1200:00:00
ubuntu.com
ubuntu.com
9

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

In Gradle before version 7.0, files created with open permissions in the
system temporary directory can allow an attacker to access information
downloaded by Gradle. Some builds could be vulnerable to a local
information disclosure. Remote files accessed through TextResourceFactory
are downloaded into the system temporary directory first. Sensitive
information contained in these files can be exposed to other local users on
the same system. If you do not use the TextResourceFactory API, you are
not vulnerable. As of Gradle 7.0, uses of the system temporary directory
have been moved to the Gradle User Home directory. By default, this
directory is restricted to the user running the build. As a workaround, set
a more restrictive umask that removes read access to other users. When
files are created in the system temporary directory, they will not be
accessible to other users. If you are unable to change your system’s umask,
you can move the Java temporary directory by setting the System Property
java.io.tmpdir. The new path needs to limit permissions to the build user
only.

Related

osv 2
debiancve 1
alpinelinux 1
prion 1
redhatcve 1
cve 1
openvas 1
nessus 1
redhat 2
osv
osv
CVE-2021-29429
2021-04-12 22:15:13
BIT-gradle-2021-29429
2024-03-06 10:54:42
debiancve
debiancve
CVE-2021-29429
2021-04-12 22:15:00
alpinelinux
alpinelinux
CVE-2021-29429
2021-04-12 22:15:00
prion
prion
Information disclosure
2021-04-12 22:15:00
redhatcve
redhatcve
CVE-2021-29429
2021-04-14 17:39:30
cve
cve
CVE-2021-29429
2021-04-12 22:15:00
openvas
openvas
openSUSE: Security Advisory for gradle, gradle (SUSE-SU-2024:1119-1)
2024-04-06 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle, gradle-bootstrap (SUSE-SU-2024:1119-1)
2024-04-08 00:00:00
redhat
redhat
(RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update
2022-05-18 10:52:45
(RHSA-2021:4767) Moderate: Red Hat Integration Camel Extensions for Quarkus GA security update
2021-11-23 10:29:48

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for UB:CVE-2021-29429
osv2debiancve1alpinelinux1prion1redhatcve1cve1openvas1nessus1redhat2