CVE Vulnerability

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d Exploit Issue Tracking
https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae Patch Technical Description
Configurations

Configuration 1

cpe:2.3:a:gruntjs:grunt:*:*:*:*:*:node.js:*:*
Information

Published : 2022-05-10 02:15

Updated : 2022-05-16 05:08

NVD link : CVE-2022-1537

Mitre link : CVE-2022-1537

Products Affected
No products.
CWE
CWE-367