CVE-2022-21230 - Vulnerability Details - OpenCVE

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nanohttpd	Nanohttpd

Configuration 1 [-]

cpe:2.3:a:nanohttpd:nanohttpd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg
https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58
https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60
https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-05-01T15:20:21.538486Z

Updated: 2024-09-16T23:31:10.779Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-21230

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-01T16:15:08.250

Modified: 2024-11-21T06:44:09.377

Link: CVE-2022-21230

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "org.nanohttpd:nanohttpd", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jonathan Leitschuh"}], "datePublic": "2022-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Information Exposure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-01T15:20:21", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg"}], "title": "Information Exposure", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2022-05-01T15:19:52.709244Z", "ID": "CVE-2022-21230", "STATE": "PUBLIC", "TITLE": "Information Exposure"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "org.nanohttpd:nanohttpd", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Jonathan Leitschuh"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798"}, {"name": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58", "refsource": "MISC", "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58"}, {"name": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60", "refsource": "MISC", "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60"}, {"name": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg", "refsource": "MISC", "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:31:59.868Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-21230", "datePublished": "2022-05-01T15:20:21.538486Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-16T23:31:10.779Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nanohttpd:nanohttpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB794C4-3984-437E-8366-5693A399470B", "versionEndIncluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete org.nanohttpd:nanohttpd. Cuando una sesi\u00f3n HTTP est\u00e1 analizando el cuerpo de una petici\u00f3n HTTP, el cuerpo de la petici\u00f3n es escrita en un RandomAccessFile cuando es mayor de 1024 bytes. Este archivo es creado con permisos inseguros que permiten que su contenido sea visualizado por todos los usuarios de la m\u00e1quina anfitriona. **Mitigaci\u00f3n:** Especificar manualmente el argumento -Djava.io.tmpdir= cuando es iniciado Java para establecer el directorio temporal en un directorio controlado exclusivamente por el usuario actual puede corregir este problema"}], "id": "CVE-2022-21230", "lastModified": "2024-11-21T06:44:09.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-05-01T16:15:08.250", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}