CVE-2021-28168

{"id": "CVE-2021-28168", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2021-04-22T18:15:08.250", "references": [{"url": "https://github.com/eclipse-ee4j/jersey/pull/4712", "tags": ["Patch", "Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r280438f7cb4b3b1c9dfda9d7b05fa2a5cfab68618c6afee8169ecdaa%40%3Ccommits.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r305fb82e5c005143c1e2ec986a19c0a44f42189ab2580344dc955359%40%3Cdev.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r4066176a7352e021d7a81af460044bde8d57f40e98f8e4a31923af3a%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r42fef440487a04cf5e487a9707ef5119d2dd5b809919f25ef4296fc4%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r454f38e85db149869c5a92c993c402260a4f8599bf283f6cfaada972%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r6dadc8fe82071aba841d673ffadf34728bff4357796b1990a66e3af1%40%3Ccommits.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r96658b899fcdbf04947257d201dc5a0abdbb5fb0a8f4ec0a6c15e70f%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/ra2722171d569370a9e15147d9f3f6138ad9a188ee879c0156aa2d73a%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/ra3290fe51b4546fac195724c4187c4cb7fc5809bc596c2f7e97606f4%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/ra3d7cd37fc794981a885332af2f8df0d873753380ea19935d6d847fc%40%3Cdev.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/rafc3c4cee534f478cbf8acf91e48373e291a21151f030e8132662a7b%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/rc288874c330b3af9e29a1a114c5e0d24fff7a79eaa341f551535c8c0%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/rc6221670de35b819fe191e7d8f2d17bc000549bd554020cec644b71e%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/rd54b42edccc1b993853a9c4943a9b16db763f5e2febf6e64b7d0fe3c%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/rdff6939e6c8dd620e20b013d9a35f57d42b3cd19e1d0483d85dfa2fd%40%3Cjira.kafka.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-378"}, {"lang": "en", "value": "CWE-379"}]}], "descriptions": [{"lang": "en", "value": "Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users."}, {"lang": "es", "value": "Eclipse Jersey versiones 2.28 hasta 2.33 y Eclipse Jersey versiones 3.0.0 hasta 3.0.1, contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n local. Esto es debido al uso de la funci\u00f3n File.createTempFile que crea un archivo dentro del directorio temporal del sistema con los permisos:-rw-r--r--. Por lo tanto, el contenido de este archivo es visible para todos los dem\u00e1s usuarios localmente en el sistema. Como tal, si el contenido escrito es sensible a la seguridad, puede ser revelado a otros usuarios locales"}], "lastModified": "2023-11-07T03:32:06.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jersey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950CB985-011C-484C-915C-7B994FEB40E4", "versionEndExcluding": "2.34", "versionStartIncluding": "2.28"}, {"criteria": "cpe:2.3:a:eclipse:jersey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE1BC821-0033-43A2-BFA3-6E01995F1611", "versionEndExcluding": "3.0.2", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}