CVE-2021-29429 : In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacke

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.

Published 2021-04-12 22:15:13

Updated 2021-10-20 14:32:26

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2021-29429

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-29429

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.5	1.4	GitHub, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2021-29429

CWE-377 Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2021-29429

https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8

Information disclosure through temporary directory permissions · Advisory · gradle/gradle · GitHub
Exploit;Mitigation;Third Party Advisory
https://docs.gradle.org/7.0/release-notes.html#security-advisories

Gradle 7.0 Release Notes
Release Notes;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-29429

Gradle » Gradle
Versions before (<) 7.0
cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*
Matching versions
Quarkus » Quarkus
Versions up to, including, (<=) 2.2.3
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2021-29429

Exploit prediction scoring system (EPSS) score for CVE-2021-29429

CVSS scores for CVE-2021-29429

CWE ids for CVE-2021-29429

References for CVE-2021-29429

Products affected by CVE-2021-29429