Vulnerabilities > CVE-2022-1537 - Unspecified vulnerability in Gruntjs Grunt
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
Vulnerable Configurations
References
- https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
- https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
- https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
- https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
- https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html