Unrated severityNVD Advisory· Published Mar 29, 2022· Updated Apr 21, 2025
Data-transfer-project information disclosure via tmp directory
CVE-2021-22572
Description
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Google LLC/Data-Transfer-Projectv5Range: unspecified
Patches
Vulnerability mechanics
References
2- github.com/JLLeitschuh/security-research/security/advisories/GHSA-22c6-wcjm-qfjgmitrex_refsource_MISC
- github.com/google/data-transfer-project/pull/969mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.