Description

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.

Remediation

References

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md

Related Vulnerabilities

CVE-2014-0120 Vulnerability in maven package io.hawt:hawtio-system

CVE-2022-30500 Vulnerability in maven package com.jflyfox:jflyfox_jfinal

CVE-2023-30331 Vulnerability in maven package com.ibeetl:beetl

CVE-2016-10591 Vulnerability in npm package prince

CVE-2021-21623 Vulnerability in maven package org.jenkins-ci.plugins:matrix-auth

Severity

Medium

Classification

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory NVD-CWE-noinfo