1974854 – (CVE-2021-22118) CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application

Bug 1974854 (CVE-2021-22118) - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application

Summary: CVE-2021-22118 spring-web: (re)creating the temporary storage directory could...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-22118
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1975288 1975289 1975290 1974928
Blocks:	1974857
TreeView+	depends on / blocked

Reported:	2021-06-22 16:25 UTC by Michael Kaplan
Modified:	2021-12-14 22:06 UTC (History)
CC List:	51 users (show)
Fixed In Version:	spring-framework 5.3.7, spring-framework 5.2.15
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-12-14 22:06:08 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4918	0	None	None	None	2021-12-02 16:18:26 UTC
Red Hat Product Errata	RHSA-2021:5134	0	None	None	None	2021-12-14 21:35:36 UTC

Description Michael Kaplan 2021-06-22 16:25:45 UTC

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

References: 

https://github.com/spring-projects/spring-framework/issues/26931

Comment 2 Przemyslaw Roguski 2021-06-22 19:42:51 UTC

Upstream fix:
https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1

Comment 10 Jonathan Christison 2021-07-02 13:27:09 UTC

Marking Red Hat Integration Camel K as having a low impact, this is because vulnerable artifacts are distributed but not used or available for use.

Comment 15 errata-xmlrpc 2021-12-02 16:18:23 UTC

This issue has been addressed in the following products:

  Red Hat Integration

Via RHSA-2021:4918 https://access.redhat.com/errata/RHSA-2021:4918

Comment 16 errata-xmlrpc 2021-12-14 21:35:32 UTC

This issue has been addressed in the following products:

  Red Hat Fuse 7.10

Via RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134

Comment 17 Product Security DevOps Team 2021-12-14 22:06:04 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-22118

Note You need to log in before you can comment on or make changes to this bug.

abenaiss
aboyko
ahenning
aileenc
akoufoud
alazarot
almorale
anstephe
aos-bugs
ataylor
avibelli
bgeorges
bibryam
bmontgom
chazlett
cmoulliard
dkreling
drieden
eparis
etirelli
ggaughan
gmalinko
hbraun
ibek
ikanello
janstey
jburrell
jochrist
jokerman
jpallich
jrokos
jross
jstastny
jwon
krathod
kverlaen
lthon
mnovotny
mszynkie
nstielau
pantinor
pbhattac
peholase
pgallagh
pjindal
pskopek
rrajasek
rruss
sguilhen
sponnaga
tzimanyi