Описание
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
A flaw was found in the GruntJS package during file.copy operations. This vulnerability is capable of arbitrary file writes, that can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories. This flaw allows a lower-privileged user to create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | ||
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
| Red Hat Enterprise Linux 8 | grafana | Not affected | ||
| Red Hat JBoss Data Grid 7 | gruntjs | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | org.jboss.hal-hal-parent | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | gruntjs | Not affected |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...
7.8 High
CVSS3