Improper File Permissions in Priam by Netflix
CVE-2021-28100

5.5 MEDIUM

Key Information:

Vendor: Netflix
CVE Published: 23 March 2021

What is CVE-2021-28100?

Priam, a management tool for Apache Cassandra, faces a security concern due to its handling of temporary files. The application uses File.createTempFile to generate temporary files with default permissions set to -rw-r--r--. This configuration allows attackers with read access to the local filesystem to potentially access sensitive data written by the Priam process. Addressing this vulnerability is essential to prevent unauthorized data exposure that could lead to further security risks.

Affected Version(s)

Netflix OSS Priam All versions

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
