icon

We found results for “

CVE-2022-27772

Good to know:

icon
icon

Date: March 30, 2022

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Creation of Temporary File in Directory with Insecure Permissions

CWE-379

Insecure Temporary File

CWE-377

Top Fix

icon

Upgrade Version

Upgrade to version org.springframework.boot:spring-boot:2.2.11.RELEASE

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us