CVE-2021-31411 Vulnerability Details

  /     /     /  

CVE-2021-31411 Metadata Quick Info

CVE Published: 05/05/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: Vaadin | Vendor: Vaadin | Product: Vaadin
Status : PUBLISHED

CVE-2021-31411 Description

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

Metrics

CVSS Version: 3.1 | Base Score: 6.3 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-379
CWE Name: CWE-379 Creation of Temporary File in Directory with Incorrect Permissions
Source: Vaadin

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-31411 Vulnerability Details