Home > Vulnerability Database > CVE-2022-27772

Mend.io Vulnerability Database

CVE-2022-27772

Good to know:

Date: March 30, 2022

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

Language: Java

Severity Score

7.8

Related Resources (5)

Url: https://github.com/spring-projects/spring-boot

Url: https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-27772

Url: https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d

Url: https://www.mend.io/vulnerability-database/CVE-2022-27772

Severity Score

7.8

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Creation of Temporary File in Directory with Insecure Permissions

CWE-379

Insecure Temporary File

CWE-377

Top Fix

Upgrade Version

Upgrade to version org.springframework.boot:spring-boot:1.5.22-spring-boot-1.5.23;org.springframework.boot:spring-boot:2.2.11.RELEASE

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-27772

Good to know:

Date: March 30, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?