CVE-2022-4641 - OpenCVE

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pig-vector Project	Pig-vector

Configuration 1 [-]

cpe:2.3:a:pig-vector_project:pig-vector:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/tdunning/pig-vector/commit/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15
https://github.com/tdunning/pig-vector/pull/2
https://vuldb.com/?id.216500

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-21T00:00:00

Updated: 2024-08-03T01:48:40.341Z

Reserved: 2022-12-21T00:00:00

Link: CVE-2022-4641

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-21T22:15:08.823

Modified: 2022-12-29T21:20:25.520

Link: CVE-2022-4641

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4641", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2024-08-03T01:48:40.341Z", "dateReserved": "2022-12-21T00:00:00", "datePublished": "2022-12-21T00:00:00"}, "containers": {"cna": {"title": "pig-vector LogisticRegression.java LogisticRegression temp file", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-21T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500."}], "affected": [{"vendor": "unspecified", "product": "pig-vector", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/tdunning/pig-vector/pull/2"}, {"url": "https://github.com/tdunning/pig-vector/commit/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15"}, {"url": "https://vuldb.com/?id.216500"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-377 Insecure Temporary File", "cweId": "CWE-377"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:40.341Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/tdunning/pig-vector/pull/2", "tags": ["x_transferred"]}, {"url": "https://github.com/tdunning/pig-vector/commit/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216500", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pig-vector_project:pig-vector:-:*:*:*:*:*:*:*", "matchCriteriaId": "524F4B7B-0474-4F0C-9782-F4907F2B3FC4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en pig-vector y se clasific\u00f3 como problem\u00e1tica. La funci\u00f3n LogisticRegression del archivo src/main/java/org/apache/mahout/pig/LogisticRegression.java es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a un archivo temporal inseguro. El ataque debe abordarse localmente. El nombre del parche es 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-216500."}], "id": "CVE-2022-4641", "lastModified": "2022-12-29T21:20:25.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-12-21T22:15:08.823", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tdunning/pig-vector/commit/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15"}, {"source": "cna@vuldb.com", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/tdunning/pig-vector/pull/2"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.216500"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "cna@vuldb.com", "type": "Primary"}]}