CVE-2021-22539 - OpenCVE

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Bazel

Configuration 1 [-]

cpe:2.3:a:google:bazel:*:*:*:*:*:visual_studio:*:*

No data.

References

Link	Providers
https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1
https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hgcv

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2021-04-16T10:15:12.912725Z

Updated: 2024-09-17T01:46:31.592Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22539

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-16T11:15:12.637

Modified: 2022-10-25T16:36:46.623

Link: CVE-2021-22539

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VSCode-Bazel", "vendor": "Google LLC", "versions": [{"lessThanOrEqual": "0.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "RyotaK"}], "datePublic": "2021-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-16T10:15:12", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hgcv"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1"}], "solutions": [{"lang": "en", "value": "Upgrade vscode-bazel to version 0.4.1 or above"}], "source": {"discovery": "EXTERNAL"}, "title": "Code execution in VSCode-bazel via malicious Bazel config files", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "DATE_PUBLIC": "2021-04-15T22:00:00.000Z", "ID": "CVE-2021-22539", "STATE": "PUBLIC", "TITLE": "Code execution in VSCode-bazel via malicious Bazel config files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VSCode-Bazel", "version": {"version_data": [{"version_affected": "<=", "version_value": "0.4.0"}]}}]}, "vendor_name": "Google LLC"}]}}, "credit": [{"lang": "eng", "value": "RyotaK"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-73 External Control of File Name or Path"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hgcv", "refsource": "MISC", "url": "https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hgcv"}, {"name": "https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1", "refsource": "MISC", "url": "https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1"}]}, "solution": [{"lang": "en", "value": "Upgrade vscode-bazel to version 0.4.1 or above"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:14.038Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hgcv"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2021-22539", "datePublished": "2021-04-16T10:15:12.912725Z", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-09-17T01:46:31.592Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:bazel:*:*:*:*:*:visual_studio:*:*", "matchCriteriaId": "6AC4AFC4-B2BE-4CFA-A1FF-0D7203784325", "versionEndExcluding": "0.4.1", "versionStartIncluding": "0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above."}, {"lang": "es", "value": "Un atacante puede colocar un archivo de configuraci\u00f3n JSON dise\u00f1ado en la carpeta del proyecto que apunta a un ejecutable personalizado. VScode-bazel permite que la ruta del espacio de trabajo a los archivos lint * .bzl sean establecidos por medio de este archivo de configuraci\u00f3n. Como tal, el atacante es capaz de ejecutar cualquier ejecutable en el sistema a trav\u00e9s de vscode-bazel. Recomendamos actualizar a la versi\u00f3n 0.4.1 o por arriba"}], "id": "CVE-2021-22539", "lastModified": "2022-10-25T16:36:46.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2021-04-16T11:15:12.637", "references": [{"source": "cve-coordination@google.com", "tags": ["Broken Link"], "url": "https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1"}, {"source": "cve-coordination@google.com", "tags": ["Third Party Advisory"], "url": "https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hgcv"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-73"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}