CVE-2020-17521
Insecure Temporary Files vulnerability in org.codehaus.groovy:groovy
What is CVE-2020-17521 About?
Apache Groovy contains a vulnerability where its extension methods for creating temporary directories use a superseded, potentially insecure Java JDK method. This flaw can lead to directory traversal or unauthorized file access. Exploitation difficulty varies based on the operating system and context, as it relies on specific conditions for the underlying JDK method to be insecure.
Affected Software
- org.codehaus.groovy:groovy
  - >2.5.0, <2.5.14
  - >2.0.0, <2.4.21
  - >3.0.0, <3.0.7
- org.codehaus.groovy:groovy-all
  - >2.5.0, <2.5.14
  - >2.0.0, <2.4.21
  - >3.0.0, <3.0.7
Technical Details
Apache Groovy, in versions 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1, provides extension methods for creating temporary directories. The underlying implementation of these methods utilized an older Java JDK method that has security implications on certain operating systems or in specific contexts. This superseded JDK method may create temporary files or directories in a predictable manner or in insecure locations, making them susceptible to race conditions, directory traversal, or symlink attacks. An attacker could potentially predict the temporary directory path or manipulate file system links to gain unauthorized access to or modify files outside the intended temporary directory.
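For code that has to create a temporary directory without relying on Groovy's own extension methods, the following added example (not taken from the advisory or from the Groovy project) uses the JDK's `java.nio.file.Files.createTempDirectory` with owner-only permissions and then verifies the result. The helper names `createPrivateTempDir` and `assertPrivate` and the sample file content are assumptions made for illustration.

```groovy
import java.nio.file.FileSystems
import java.nio.file.Files
import java.nio.file.LinkOption
import java.nio.file.Path
import java.nio.file.attribute.PosixFilePermissions

// Added example. createPrivateTempDir and assertPrivate are hypothetical helper names.

Path createPrivateTempDir(String prefix) {
    boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains('posix')
    Path dir
    if (posix) {
        // The owner-only mode is applied as part of directory creation, so the
        // directory never exists with wider access.
        def ownerOnly = PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString('rwx------'))
        dir = Files.createTempDirectory(prefix, ownerOnly)
    } else {
        // No POSIX view (e.g. NTFS): access follows the ACLs inherited from
        // java.io.tmpdir, so that directory should belong to the running user.
        dir = Files.createTempDirectory(prefix)
    }
    assertPrivate(dir, posix)
    return dir
}

void assertPrivate(Path dir, boolean posix) {
    // Do not follow links: the result must be a real directory, not a symlink.
    if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
        throw new SecurityException("Not a real directory: ${dir}")
    }
    if (posix) {
        def actual = Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS)
        if (actual != PosixFilePermissions.fromString('rwx------')) {
            throw new SecurityException(
                    "Unexpected mode ${PosixFilePermissions.toString(actual)} on ${dir}")
        }
    }
}

// Usage with constructed sample data; the directory is removed afterwards.
Path work = createPrivateTempDir('report-')
try {
    Files.write(work.resolve('data.txt'), 'constructed sample content'.bytes)
    println "Working in ${work}"
} finally {
    work.toFile().deleteDir()
}
```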
What is the Impact of CVE-2020-17521?
Successful exploitation may allow attackers to gain unauthorized access to arbitrary files, achieve privilege escalation, or interfere with system operations, leading to data tampering or denial of service.
What is the Exploitability of CVE-2020-17521?
Exploitation of this vulnerability has a medium complexity, as it depends on the operating system and specific contextual factors that render the underlying Java JDK method insecure. It may involve race conditions or an attacker's ability to predict temporary file/directory names or locations. No specific authentication is required if the vulnerable Groovy application processes untrusted input that triggers temporary directory creation, making it a remote exploitation scenario in such cases. The attacker typically does not need elevated privileges but could achieve them if successful. Special conditions include the environment where Groovy is running and the specific JDK version and its configuration. The likelihood of exploitation increases if Groovy applications handle sensitive data and create temporary files in shared or predictable locations without proper safeguards.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-17521?
Available Upgrade Options
- org.codehaus.groovy:groovy-all
  - >2.0.0, <2.4.21 → Upgrade to 2.4.21
  - >2.5.0, <2.5.14 → Upgrade to 2.5.14
  - >3.0.0, <3.0.7 → Upgrade to 3.0.7
- org.codehaus.groovy:groovy
  - >2.0.0, <2.4.21 → Upgrade to 2.4.21
  - >2.5.0, <2.5.14 → Upgrade to 2.5.14
  - >3.0.0, <3.0.7 → Upgrade to 3.0.7
Additional Resources
- https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://groovy-lang.org/security.html#CVE-2020-17521
What are Similar Vulnerabilities to CVE-2020-17521?
Similar Vulnerabilities: CVE-2020-17522, CVE-2020-13953, CVE-2020-13954, CVE-2021-44228, CVE-2022-26135
