CVE-2022-1537

Published: 10 May 2022

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. The arbitrary file write can lead to local privilege escalation to the GruntJS user when a lower-privileged user has write access to both the source and destination directories: that user can create a symlink to the GruntJS user's .bashrc file, or replace the /etc/shadow file if the GruntJS user is root.
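The race described above exists whenever a path is checked in one step and opened in another. The following Node.js code is an added example, not grunt's code and not the upstream patch: the hypothetical helper `safeCopy` folds the symlink check into the `open()` call with `O_NOFOLLOW` (POSIX only), and `demo` runs it against a constructed temp directory.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const { O_RDONLY, O_WRONLY, O_CREAT, O_NOFOLLOW } = fs.constants;

// Hypothetical helper (not grunt's API): copy src to dest, refusing symlinks.
// O_NOFOLLOW makes open() itself fail when the final path component is a
// symlink, so no window exists between the check and the use of the path.
// It does not protect against symlinked parent directories.
function safeCopy(src, dest) {
  const inFd = fs.openSync(src, O_RDONLY | O_NOFOLLOW);
  let outFd;
  try {
    outFd = fs.openSync(dest, O_WRONLY | O_CREAT | O_NOFOLLOW, 0o600);
    // Validate the objects actually opened, via descriptors rather than paths.
    if (!fs.fstatSync(inFd).isFile() || !fs.fstatSync(outFd).isFile()) {
      throw new Error('refusing to copy: not a regular file');
    }
    fs.ftruncateSync(outFd, 0); // truncate only after validation
    fs.writeFileSync(outFd, fs.readFileSync(inFd));
  } finally {
    fs.closeSync(inFd);
    if (outFd !== undefined) fs.closeSync(outFd);
  }
}

// Constructed scenario in a throwaway temp directory: "dest-link" is a
// symlink pointing at a file that must not be overwritten.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'toctou-'));
  const src = path.join(dir, 'src.txt');
  const target = path.join(dir, 'protected.txt');
  const link = path.join(dir, 'dest-link');
  const plain = path.join(dir, 'dest.txt');
  fs.writeFileSync(src, 'build output\n');
  fs.writeFileSync(target, 'original\n');
  fs.symlinkSync(target, link);
  let refused = false;
  try { safeCopy(src, link); } catch (e) { refused = true; }
  safeCopy(src, plain);
  const result = {
    refused,
    targetContent: fs.readFileSync(target, 'utf8'),
    plainContent: fs.readFileSync(plain, 'utf8'),
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```
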

Notes

Author: ccdm94
Note: This CVE seems to be closely related to CVE-2022-0436, with its
fix editing code which was included in the patch to CVE-2022-0436
as well. In the bug bounty report to this CVE, the researcher
mentions that the possibility of this vulnerability existing had
already been considered in the CVE-2022-0436 bug bounty report;
however, a fix for this was not applied together with the fix for
CVE-2022-0436, and therefore, a new report was made.

Priority

Medium

CVSS 3 Severity Score

7.0


Status

Package: grunt (Launchpad, Ubuntu, Debian)
Release Status
lunar Not vulnerable (1.5.3-2)
trusty Does not exist
xenial Does not exist
bionic Released (1.0.1-8ubuntu0.1+esm1), available with Ubuntu Pro
impish Ignored (end of life)
upstream Released (1.5.3)
kinetic Not vulnerable (1.5.3-1)
focal Released (1.0.4-2ubuntu0.1~esm1), available with Ubuntu Pro
jammy Released (1.4.1-2ubuntu0.1~esm1), available with Ubuntu Pro
mantic Not vulnerable (1.5.3-2)
Patches:
upstream: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae

Severity score breakdown

Parameter Value
Base score 7.0
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H