Bug 2083902 (CVE-2022-1537) - CVE-2022-1537 gruntjs: race condition leading to arbitrary file write
Summary: CVE-2022-1537 gruntjs: race condition leading to arbitrary file write
Keywords:
Status: NEW
Alias: CVE-2022-1537
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2084066
Blocks: 2083903
TreeView+ depends on / blocked
 
Reported: 2022-05-11 01:07 UTC by Anten Skrabec
Modified: 2023-09-01 03:23 UTC (History)
35 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the GruntJS package during file.copy operations. This vulnerability is capable of arbitrary file writes, that can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories. This flaw allows a lower-privileged user to create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Anten Skrabec 2022-05-11 01:07:59 UTC 
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
Note You need to log in before you can comment on or make changes to this bug.