CVE-2021-22572

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22572
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22572.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22572
Related
  • GHSA-22c6-wcjm-qfjg
Published
2022-03-29T15:15:08.040Z
Modified
2025-11-14T11:05:11.697513Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969

References

Affected packages

Git / github.com/google/data-transfer-project

Affected ranges

Type
GIT
Repo
https://github.com/google/data-transfer-project
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a52ad68db688d20aaa1e4d38441ccbd00ad5255a

Affected versions

0.*

0.3.24
0.3.27

Other

3
6783599

v0.*

v0.3.12
v0.3.13
v0.3.14
v0.3.15
v0.3.16
v0.3.17
v0.3.20
v0.3.23
v0.3.25
v0.3.26
v0.3.28
v0.3.29
v0.3.30
v0.3.31
v0.3.32
v0.3.33
v0.3.37
v0.3.38
v0.3.39
v0.3.40
v0.3.41
v0.3.42
v0.3.43
v0.3.44
v0.3.45
v0.3.46
v0.3.48
v0.3.49
v0.3.50
v0.3.51
v0.3.52
v0.3.53
v0.3.54
v0.3.55
v0.3.56

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "extensions/data-transfer/portability-data-transfer-google/src/main/java/org/datatransferproject/datatransfer/google/calendar/GoogleCalendarImporter.java"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "177036191546829773953987168276172542798",
                "105963600067749632543276681015577366378",
                "127911330037622962165367722908575592497",
                "289168388963441672843083804643073347849",
                "9983191831977875518847465802327144338"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "source": "https://github.com/google/data-transfer-project/commit/a52ad68db688d20aaa1e4d38441ccbd00ad5255a",
        "id": "CVE-2021-22572-9912629c",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22572.json"