CVE-2021-22571

Опубликовано: 18 мар. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.

Ссылки

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7fjx-657r-9r5h
Third Party Advisory
https://github.com/google/sa360-webquery-bigquery/pull/15
Patch
Third Party Advisory
https://github.com/google/sa360-webquery-bigquery/releases/tag/v1.0.3
Release Notes
Third Party Advisory
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7fjx-657r-9r5h
Third Party Advisory
https://github.com/google/sa360-webquery-bigquery/pull/15
Patch
Third Party Advisory
https://github.com/google/sa360-webquery-bigquery/releases/tag/v1.0.3
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:sa360_webquery_to_bigquery_exporter:*:*:*:*:*:*:*:*

Версия до 1.0.3 (исключая)

EPSS

Процентиль: 8%

0.00029

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-275

CWE-276

Связанные уязвимости

GHSA-jwjr-63x8-g58w