Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-24823
HistoryMay 06, 2022 - 12:00 a.m.

CVE-2022-24823

2022-05-0600:00:00
ubuntu.com
ubuntu.com
29
netty
framework
version 4.1.77.final
local information disclosure
unix

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

13.3%

Netty is an open-source, asynchronous event-driven network application
framework. The package io.netty:netty-codec-http prior to version
4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty’s
multipart decoders are used local information disclosure can occur via the
local system temporary directory if temporary storing uploads on the disk
is enabled. This only impacts applications running on Java version 6 and
lower. Additionally, this vulnerability impacts code running on Unix-like
systems, and very old versions of Mac OSX and Windows as they all share the
system temporary directory between all users. Version 4.1.77.Final contains
a patch for this vulnerability. As a workaround, specify one’s own
java.io.tmpdir when starting the JVM or use
DefaultHttpDataFactory.setBaseDir(…) to set the directory to something
that is only readable by the current user.

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

13.3%