{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat build of Quarkus.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.\n\nSecurity Fix(es):\n\n* gradle: information disclosure through temporary directory permissions (CVE-2021-29429)\n\n* gradle: repository content filters do not work in Settings pluginManagement (CVE-2021-29427)\n\n* gradle: local privilege escalation through system temporary director (CVE-2021-29428)\n\n* smallrye-health-ui: persistent cross-site scripting in endpoint (CVE-2021-3914)\n\n* Quarkus Resteasy component may return Resteasy implementation details \n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)\n\n* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:4623",
        "url": "https://access.redhat.com/errata/RHSA-2022:4623"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=2.7.5",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=2.7.5"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/4966181",
        "url": "https://access.redhat.com/articles/4966181"
      },
      {
        "category": "external",
        "summary": "1949636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949636"
      },
      {
        "category": "external",
        "summary": "1949638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949638"
      },
      {
        "category": "external",
        "summary": "1949643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949643"
      },
      {
        "category": "external",
        "summary": "2018015",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018015"
      },
      {
        "category": "external",
        "summary": "2031958",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
      },
      {
        "category": "external",
        "summary": "2039903",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903"
      },
      {
        "category": "external",
        "summary": "2047343",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
      },
      {
        "category": "external",
        "summary": "2050863",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
      },
      {
        "category": "external",
        "summary": "2062520",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_4623.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.7.5 release and security update",
    "tracking": {
      "current_release_date": "2024-09-16T08:08:43+00:00",
      "generator": {
        "date": "2024-09-16T08:08:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2022:4623",
      "initial_release_date": "2022-05-18T10:56:05+00:00",
      "revision_history": [
        {
          "date": "2022-05-18T10:56:05+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-05-18T10:56:05+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T08:08:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat build of Quarkus 2.7.5",
                "product": {
                  "name": "Red Hat build of Quarkus 2.7.5",
                  "product_id": "Red Hat build of Quarkus 2.7.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quarkus:2.7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat build of Quarkus"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3914",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-10-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2018015"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "smallrye-health-ui: persistent cross-site scripting in endpoint",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3914"
        },
        {
          "category": "external",
          "summary": "RHBZ#2018015",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018015"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3914"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3914",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3914"
        }
      ],
      "release_date": "2021-10-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "smallrye-health-ui: persistent cross-site scripting in endpoint"
    },
    {
      "cve": "CVE-2021-22569",
      "cwe": {
        "id": "CWE-696",
        "name": "Incorrect Behavior Order"
      },
      "discovery_date": "2022-01-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2039903"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobuf-java: potential DoS in the parsing procedure for binary data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22569"
        },
        {
          "category": "external",
          "summary": "RHBZ#2039903",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
        },
        {
          "category": "external",
          "summary": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b",
          "url": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b"
        },
        {
          "category": "external",
          "summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67",
          "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67"
        }
      ],
      "release_date": "2022-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "protobuf-java: potential DoS in the parsing procedure for binary data"
    },
    {
      "cve": "CVE-2021-29427",
      "cwe": {
        "id": "CWE-829",
        "name": "Inclusion of Functionality from Untrusted Control Sphere"
      },
      "discovery_date": "2021-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1949638"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gradle: repository content filters do not work in Settings pluginManagement",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29427"
        },
        {
          "category": "external",
          "summary": "RHBZ#1949638",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949638"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29427"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29427",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29427"
        }
      ],
      "release_date": "2021-04-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gradle: repository content filters do not work in Settings pluginManagement"
    },
    {
      "cve": "CVE-2021-29428",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "discovery_date": "2021-04-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1949643"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gradle: local privilege escalation through system temporary directory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29428"
        },
        {
          "category": "external",
          "summary": "RHBZ#1949643",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949643"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29428"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29428",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29428"
        }
      ],
      "release_date": "2021-04-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gradle: local privilege escalation through system temporary directory"
    },
    {
      "cve": "CVE-2021-29429",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1949636"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system\u0027s umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gradle: information disclosure through temporary directory permissions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29429"
        },
        {
          "category": "external",
          "summary": "RHBZ#1949636",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949636"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29429"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29429",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29429"
        }
      ],
      "release_date": "2021-04-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "gradle: information disclosure through temporary directory permissions"
    },
    {
      "cve": "CVE-2021-43797",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2031958"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: control chars in header names may lead to HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-43797"
        },
        {
          "category": "external",
          "summary": "RHBZ#2031958",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
        }
      ],
      "release_date": "2021-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: control chars in header names may lead to HTTP request smuggling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Sanne Grinovero"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2022-0981",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2022-02-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2062520"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0981"
        },
        {
          "category": "external",
          "summary": "RHBZ#2062520",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0981"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0981",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0981"
        },
        {
          "category": "external",
          "summary": "https://github.com/quarkusio/quarkus/issues/23269",
          "url": "https://github.com/quarkusio/quarkus/issues/23269"
        }
      ],
      "release_date": "2022-02-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus"
    },
    {
      "cve": "CVE-2022-21363",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "discovery_date": "2022-01-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2047343"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21363"
        },
        {
          "category": "external",
          "summary": "RHBZ#2047343",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363"
        },
        {
          "category": "external",
          "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL",
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL"
        }
      ],
      "release_date": "2022-01-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors"
    },
    {
      "cve": "CVE-2022-21724",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "discovery_date": "2022-02-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2050863"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Quarkus 2.7.5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21724"
        },
        {
          "category": "external",
          "summary": "RHBZ#2050863",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21724"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4",
          "url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4"
        }
      ],
      "release_date": "2022-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat build of Quarkus 2.7.5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Quarkus 2.7.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2021-29428",
    "description": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.",
    "id": "GSD-2021-29428",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-29428.html",
      "https://security.archlinux.org/CVE-2021-29428",
      "https://access.redhat.com/errata/RHSA-2022:4623"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-29428"
      ],
      "details": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.",
      "id": "GSD-2021-29428",
      "modified": "2023-12-13T01:23:36.921922Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-29428",
        "STATE": "PUBLIC",
        "TITLE": "Local privilege escalation through system temporary directory"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "gradle",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 7.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "gradle"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-378: Creation of Temporary File With Insecure Permissions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
            "refsource": "MISC",
            "url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
          },
          {
            "name": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336",
            "refsource": "CONFIRM",
            "url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
          },
          {
            "name": "https://github.com/gradle/gradle/pull/15654",
            "refsource": "MISC",
            "url": "https://github.com/gradle/gradle/pull/15654"
          },
          {
            "name": "https://github.com/gradle/gradle/pull/15240",
            "refsource": "MISC",
            "url": "https://github.com/gradle/gradle/pull/15240"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-89qm-pxvm-p336",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,7.0)",
          "affected_versions": "All versions before 7.0",
          "cvss_v2": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-378",
            "CWE-937"
          ],
          "date": "2021-10-20",
          "description": "In Gradle, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.",
          "fixed_versions": [
            "7.0"
          ],
          "identifier": "CVE-2021-29428",
          "identifiers": [
            "CVE-2021-29428",
            "GHSA-89qm-pxvm-p336"
          ],
          "not_impacted": "All versions starting from 7.0",
          "package_slug": "maven/org.gradle/gradle-core",
          "pubdate": "2021-04-13",
          "solution": "Upgrade to version 7.0 or above.",
          "title": "Creation of Temporary File With Insecure Permissions",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-29428",
            "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
          ],
          "uuid": "131c7dea-89df-45fd-9271-84c4610e6538"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29428"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-378"
                },
                {
                  "lang": "en",
                  "value": "CWE-379"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
            },
            {
              "name": "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
            },
            {
              "name": "https://github.com/gradle/gradle/pull/15240",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/gradle/gradle/pull/15240"
            },
            {
              "name": "https://github.com/gradle/gradle/pull/15654",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/gradle/gradle/pull/15654"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-10-20T14:35Z",
      "publishedDate": "2021-04-13T20:15Z"
    }
  }
}