A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process, before the files are loaded into BigQuery. We recommend upgrading to version 1.0.3 or above.
References
| Link | Resource |
|---|---|
| https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7fjx-657r-9r5h | Third Party Advisory |
| https://github.com/google/sa360-webquery-bigquery/pull/15 | Patch, Third Party Advisory |
| https://github.com/google/sa360-webquery-bigquery/releases/tag/v1.0.3 | Release Notes, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Google
Published: 2022-03-18T11:05:11
Updated: 2022-04-27T11:45:12
Reserved: 2021-01-05T00:00:00
Link: CVE-2021-22571
NVD Information
Status: Analyzed
Published: 2022-03-18T11:15:07.777
Modified: 2022-05-10T15:25:31.723
Link: CVE-2021-22571
Redhat Information
No data.