{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41946", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:56:38.648Z", "dateReserved": "2022-09-30T00:00:00", "datePublished": "2022-11-23T00:00:00"}, "containers": {"cna": {"title": "TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-29T13:06:09.090943"}, "descriptions": [{"lang": "en", "value": "pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability."}], "affected": [{"vendor": "pgjdbc", "product": "pgjdbc", "versions": [{"version": ">= 42.2.0, < 42.2.27", "status": "affected"}, {"version": "> 42.3.0, < 42.3.8", "status": "affected"}, {"version": ">= 42.4.0, < 42.4.3", "status": "affected"}, {"version": ">= 42.5.0, < 42.5.1", "status": "affected"}]}], "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h"}, {"url": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5"}, {"name": "[debian-lts-announce] 20221202 [SECURITY] [DLA 3218-1] libpgjava security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html"}, {"name": "FEDORA-2023-42d6ba9bd6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/"}, {"url": "https://security.netapp.com/advisory/ntap-20240329-0003/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-377: Insecure Temporary File", "cweId": "CWE-377"}]}], "source": {"advisory": "GHSA-562r-vg33-8x8h", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.648Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h", "tags": ["x_transferred"]}, {"url": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221202 [SECURITY] [DLA 3218-1] libpgjava security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html"}, {"name": "FEDORA-2023-42d6ba9bd6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/"}, {"url": "https://security.netapp.com/advisory/ntap-20240329-0003/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "91112DDC-7FAB-498A-9A64-B2E735A42E77", "versionEndExcluding": "42.2.27", "versionStartIncluding": "42.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "09975F7A-9F41-4A5D-B831-F49EA72A7787", "versionEndExcluding": "42.3.8", "versionStartIncluding": "42.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A11CE32-A457-4692-88D5-FCFF6F394EC4", "versionEndExcluding": "42.4.3", "versionStartIncluding": "42.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "B1EFB368-D53F-40B1-95BB-E434835C55D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C7CBC461-B777-49A8-9031-46A72E9F9DA5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability."}, {"lang": "es", "value": "Es un componente postgresql JDBC de c\u00f3digo abierto. En las versiones afectadas, una declaraci\u00f3n preparada que utilice `PreparedStatement.setText(int, InputStream)` o `PreparedStatemet.setBytea(int, InputStream)` crear\u00e1 un archivo temporal si el InputStream es mayor que 2k. Esto crear\u00e1 un archivo temporal que otros usuarios podr\u00e1n leer en sistemas similares a Unix, pero no a MacOS. En sistemas tipo Unix, el directorio temporal del sistema se comparte entre todos los usuarios de ese sistema. Debido a esto, cuando los archivos y directorios se escriben en este directorio, de forma predeterminada, otros usuarios en ese mismo sistema pueden leerlos. Esta vulnerabilidad no permite que otros usuarios sobrescriban el contenido de estos directorios o archivos. Esto es puramente una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Debido a que ciertas API del sistema de archivos JDK solo se agregaron en JDK 1.7, esta soluci\u00f3n depende de la versi\u00f3n de JDK que est\u00e9 utilizando. Usuarios de Java 1.7 y superiores: esta vulnerabilidad se solucion\u00f3 en 4.5.0. Usuarios de Java 1.6 y versiones anteriores: no hay ning\u00fan parche disponible. Si no puede parchear o no puede ejecutar Java 1.6, especificar la variable de entorno del sistema java.io.tmpdir en un directorio que sea propiedad exclusiva del usuario que lo ejecuta mitigar\u00e1 esta vulnerabilidad."}], "id": "CVE-2022-41946", "lastModified": "2024-11-21T07:24:07.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T20:15:10.253", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/"}, {"source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20240329-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240329-0003/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-377"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0888", "cpe": "cpe:/a:redhat:camel_quarkus:2.13", "package": "jdbc-postgresql", "product_name": "CEQ 2.13.2-1", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:0758", "cpe": "cpe:/a:redhat:quarkus:2.13", "product_name": "Red Hat build of Quarkus", "release_date": "2023-02-14T00:00:00Z"}, {"advisory": "RHSA-2023:1006", "cpe": "cpe:/a:redhat:quarkus:2.7", "package": "jdbc-postgresql", "product_name": "Red Hat build of Quarkus 2.7.7", "release_date": "2023-03-08T00:00:00Z"}, {"advisory": "RHSA-2023:2867", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql-jdbc-0:42.2.14-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2378", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-jdbc-0:42.2.27-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:3954", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "jdbc-postgresql", "product_name": "Red Hat Fuse 7.12", "release_date": "2023-06-29T00:00:00Z"}, {"advisory": "RHSA-2023:1630", "cpe": "cpe:/a:redhat:satellite:6.12::el8", "package": "candlepin-0:4.1.20-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:2097", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "candlepin-0:4.2.13-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}, {"advisory": "RHSA-2023:0759", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "ovirt-ansible-collection", "product_name": "Red Hat Virtualization 4", "release_date": "2023-02-14T00:00:00Z"}, {"advisory": "RHSA-2023:0759", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "ovirt-engine", "product_name": "Red Hat Virtualization 4", "release_date": "2023-02-14T00:00:00Z"}, {"advisory": "RHSA-2023:0759", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "postgresql-jdbc", "product_name": "Red Hat Virtualization 4", "release_date": "2023-02-14T00:00:00Z"}, {"advisory": "RHSA-2023:3906", "cpe": "cpe:/a:redhat:camel_k:1", "package": "jdbc-postgresql", "product_name": "RHINT Camel-K-1.10.1", "release_date": "2023-06-28T00:00:00Z"}, {"advisory": "RHSA-2023:1177", "cpe": "cpe:/a:redhat:camel_quarkus:2.7", "package": "jdbc-postgresql", "product_name": "RHINT Camel-Q 2.7-1", "release_date": "2023-03-09T00:00:00Z"}, {"advisory": "RHSA-2023:1815", "cpe": "cpe:/a:redhat:debezium:2", "impact": "low", "package": "postgresql-jdbc", "product_name": "RHINT Debezium 2.1.4", "release_date": "2023-04-17T00:00:00Z"}], "bugzilla": {"description": "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", "id": "2153399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153399"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "(CWE-200|CWE-377)", "details": ["pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.", "A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior."], "name": "CVE-2022-41946", "package_state": [{"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "jdbc-postgresql", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libreoffice:flatpak/postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "jdbc-postgresql", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Fix deferred", "package_name": "postgresql-jdbc", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-11-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-41946\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41946"], "statement": "Red Hat Satellite ships a PostgreSQL JDBC Driver for Hibernate ORM framework, which is embeds into Candlepin. Although Candlepin itself doesn't make direct use of the PreparedStatement methods from the PostgreSQL JDBC Driver, Hibernate ORM does utilize these methods, potentially making framework affected. Satellite server operating in an environment with untrusted users while the driver is running are vulnerable to the flaw, however, deployments without untrusted users are considered safe. A future Satellite update should address this issue.", "threat_severity": "Moderate"}