CVE-2022-27772

HIGH

Vmware Spring Boot < 2.2.11 - Exposure to Wrong Actor

Title source: rule

Description

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

Exploits (1)

nomisec WRITEUP

by puneetbehl · poc

https://github.com/puneetbehl/grails3-cve-2022-27772

View Code ZIP pw:eip

References (1)

[Exploit, Patch, Third Party Advisory] https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85

Scores

CVSS v3 7.8

EPSS 0.0081

EPSS Percentile 74.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (2)

vmware/spring_boot < 2.2.11

org.springframework.boot/spring-boot < 2.2.11.RELEASEMaven

Timeline

Published Mar 30, 2022

Tracked Since Feb 18, 2026