Veracode Vulnerability Database: VERACODE:45392
Feb 07, 2024 - 7:52 a.m.

Incorrect File Permission

Published: 2024-02-07 07:52:57
Source: sca.analysiscenter.veracode.com
Tags: spring security, vulnerability, file permission

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 7 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 5.1%)

org.springframework.security:spring-security-config is vulnerable to Incorrect File Permissions. The spring-security.xsd file inside the spring-security-config jar is assigned insecure permissions that make it world-writable. An attacker with access to the filesystem can overwrite this file, resulting in exploitation.
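A defender-side check for the condition described above, added here as an example and not taken from Veracode or the Spring Security project: it lists archive entries whose recorded Unix mode has the other-write bit set. It assumes the permissions are stored in the ZIP entry's external attributes (Unix mode in the high 16 bits); the function names and the sample archive contents are constructed for illustration.

```python
import io
import stat
import zipfile

UNIX = 3  # ZIP "version made by" host value for Unix


def world_writable_entries(source):
    """Return [(entry_name, octal_mode)] for entries recorded as world-writable.

    `source` is a path to a jar/zip or a binary file object.
    """
    flagged = []
    with zipfile.ZipFile(source) as jar:
        for info in jar.infolist():
            # Only Unix-made entries carry st_mode in external_attr's high bits.
            if info.create_system != UNIX:
                continue
            mode = (info.external_attr >> 16) & 0o7777
            if mode & stat.S_IWOTH:
                flagged.append((info.filename, oct(mode)))
    return flagged


def build_sample_jar():
    """Constructed sample: one entry stored as 0666, one stored as 0644."""
    buf = io.BytesIO()
    entries = (
        ("schema/example.xsd", 0o100666),    # world-writable (constructed)
        ("META-INF/MANIFEST.MF", 0o100644),  # owner-writable only
    )
    with zipfile.ZipFile(buf, "w") as jar:
        for name, mode in entries:
            info = zipfile.ZipInfo(name)
            info.create_system = UNIX
            info.external_attr = mode << 16
            jar.writestr(info, b"constructed sample content\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, mode in world_writable_entries(build_sample_jar()):
        print(f"world-writable entry: {name} (mode {mode})")
```

Passing a jar's filesystem path instead of the sample buffer runs the same check against a real dependency.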
