CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 13.3%
Netty is an open-source, asynchronous event-driven network application
framework. The package io.netty:netty-codec-http prior to version
4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's
multipart decoders are used, local information disclosure can occur via the
local system temporary directory if temporarily storing uploads on disk is
enabled. This only impacts applications running on Java version 6 and
lower. Additionally, this vulnerability impacts code running on Unix-like
systems, and very old versions of Mac OS X and Windows, as they all share the
system temporary directory between all users. Version 4.1.77.Final contains
a patch for this vulnerability. As a workaround, specify one's own
java.io.tmpdir when starting the JVM or use
DefaultHttpDataFactory.setBaseDir(…) to set the directory to something
that is only readable by the current user.
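One way to apply the java.io.tmpdir workaround at launch time, as an added example that is not code from the Netty project or its advisory: the helpers create an owner-only directory, verify it, and only then emit the JVM option. The function names, the netty-upload- directory prefix and app.jar are assumptions.

```shell
#!/bin/sh
# Added example: launcher helpers for a private java.io.tmpdir.
# All names and paths here are hypothetical, not taken from Netty.

# Create a fresh owner-only directory under $1 and print its path.
# umask 077 makes the directory mode 700 from the moment it exists, and
# mkdir without -p fails if the name already exists, so a directory
# planted in advance by another local user is never adopted.
make_private_tmpdir() {
    parent=$1
    dir="$parent/netty-upload-$$"
    ( umask 077 && mkdir "$dir" ) || return 1
    printf '%s\n' "$dir"
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current uid, with mode exactly rwx------.
is_private_dir() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    listing=$(ls -ldn "$dir") || return 1
    mode=$(printf '%s\n' "$listing" | cut -c1-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    [ "$mode" = "drwx------" ] && [ "$owner" = "$(id -u)" ]
}

# Print the JVM option for $1, refusing any directory that fails the check.
jvm_tmpdir_opt() {
    is_private_dir "$1" || return 1
    printf '%s%s\n' '-Djava.io.tmpdir=' "$1"
}

# Usage (app.jar is a placeholder for the real application):
#   dir=$(make_private_tmpdir "$HOME") || exit 1
#   opt=$(jvm_tmpdir_opt "$dir") || exit 1
#   exec java "$opt" -jar app.jar
```

The same verified directory can be passed to DefaultHttpDataFactory.setBaseDir(…) when only the upload location, rather than the whole JVM temporary directory, should move.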
github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1
github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q
github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
launchpad.net/bugs/cve/CVE-2022-24823
nvd.nist.gov/vuln/detail/CVE-2022-24823
security-tracker.debian.org/tracker/CVE-2022-24823
www.cve.org/CVERecord?id=CVE-2022-24823