Skip to content

System temporary directory hijacking vulnerability

High
puneetbehl published GHSA-f4m6-5rx3-572c Sep 27, 2021

Package

maven grails-shell (Maven)

Affected versions

4.0.5, 3.3.11

Patched versions

4.0.6, 3.3.12

Description

This vulnerability exists due to a vulnerable method in the Apache Groovy Stdlib. See CVE-2020-17521.

grails-core/grails-shell/src/main/groovy/org/grails/cli/profile/commands/CreateAppCommand.groovy

Line 365 in bde0476

tmpDir = File.createTempDir()

Impact

This vulnerability may impacts Grails users creating applications using the create-app command on shared Linux-like systems.

Workarounds

Setting the java.io.tmpdir system environment variable to a directory that is exclusively owned by the Grails user will fix this vulnerability.

References

  1. CWE-379: Creation of Temporary File in Directory with Insecure Permissions (https://cwe.mitre.org/data/definitions/379.html)
  2. File.createTempFile should not be used to create a directory (https://rules.sonarsource.com/java/tag/owasp/RSPEC-2976)
  3. Apache Groovy CVE-2020-17521
  4. https://docs.groovy-lang.org/latest/html/groovy-jdk/java/io/File.html#createTempDir()
  5. https://docs.groovy-lang.org/latest/html/groovy-jdk/java/io/File.html#createTempDir(java.lang.String,%20java.lang.String)

Credit

This vulnerability was discovered by Jonathan Leitschuh

Severity

High

CVE ID

CVE-2020-17521

Weaknesses

No CWEs

Credits