CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29428 – Local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. • https://docs.gradle.org/7.0/release-notes.html#security-advisories https://github.com/gradle/gradle/pull/15240 https://github.com/gradle/gradle/pull/15654 https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 https://access.redhat.com/security/cve/CVE-2021-29428 https://bugzilla.redhat.com/show_bug.cgi?id=1949643 • CWE-276: Incorrect Default Permissions CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29429 – Information disclosure through temporary directory permissions
https://notcve.org/view.php?id=CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. • https://docs.gradle.org/7.0/release-notes.html#security-advisories https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 https://access.redhat.com/security/cve/CVE-2021-29429 https://bugzilla.redhat.com/show_bug.cgi?id=1949636 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •
CVSS: 5.9EPSS: 1%CPEs: 28EXPL: 0CVE-2021-21409 – Possible request smuggling in HTTP/2 due missing validation of content-length
https://notcve.org/view.php?id=CVE-2021-21409
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295 https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E https:& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-25724 – resteasy: information disclosure via HTTP response reuse
https://notcve.org/view.php?id=CVE-2020-25724
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. Se encontró un fallo en RESTEasy, donde es proporcionada una respuesta incorrecta para una petición HTTP. • https://bugzilla.redhat.com/show_bug.cgi?id=1899354 https://security.netapp.com/advisory/ntap-20210702-0003 https://access.redhat.com/security/cve/CVE-2020-25724 • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20289 – resteasy: Error message exposes endpoint class information
https://notcve.org/view.php?id=CVE-2021-20289
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. Se detectó un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final. Los nombres de métodos y clases de endpoint son devueltos como parte de la respuesta de excepción cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petición a el valor del parámetro de método del recurso JAX-RS correspondiente. • https://bugzilla.redhat.com/show_bug.cgi?id=1935927 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-20289 • CWE-209: Generation of Error Message Containing Sensitive Information •