CVE-2022-23651

{"id": "CVE-2022-23651", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2022-02-23T23:15:07.837", "references": [{"url": "https://github.com/Backblaze/b2-sdk-python/commit/62476638986e5b6d7459aca5ef8ce220760226e0", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Backblaze/b2-sdk-python/security/advisories/GHSA-p867-fxfr-ph2w", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://pypi.org/project/b2sdk/", "tags": ["Product"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. SDK users of the SqliteAccountInfo format are vulnerable while users of the InMemoryAccountInfo format are safe. The SqliteAccountInfo saves API keys (and bucket name-to-id mapping) in a local database file ($XDG_CONFIG_HOME/b2/account_info, ~/.b2_account_info or a user-defined path). When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory containing the file is readable by a local attacker then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents after the file after the sensitive information has been saved to it. Consumers of this SDK who rely on it to save data using SqliteAccountInfo class should upgrade to the latest version of the SDK. Those who believe a local user might have opened a handle using this race condition, should remove the affected database files and regenerate all application keys. Users should upgrade to b2-sdk-python 1.14.1 or later."}, {"lang": "es", "value": "b2-sdk-python es una biblioteca python para acceder al almacenamiento en la nube proporcionado por backblaze. Las versiones para Linux y Mac del SDK versi\u00f3n 1.14.0 y anteriores contienen una vulnerabilidad de divulgaci\u00f3n de claves que, en determinadas condiciones, puede ser explotada por atacantes locales a mediante una condici\u00f3n de carrera de tiempo de comprobaci\u00f3n (TOCTOU). Los usuarios del SDK del formato SqliteAccountInfo son vulnerables mientras que usuarios del formato InMemoryAccountInfo est\u00e1n a salvo. El formato SqliteAccountInfo guarda las claves de la API (y el mapeo de nombres de cubos a identificadores) en un archivo de base de datos local ($XDG_CONFIG_HOME/b2/account_info, ~/.b2_account_info o una ruta definida por el usuario). Cuando es creado por primera vez, el archivo es legible para todo el mundo y es (normalmente unos pocos milisegundos) alterado m\u00e1s tarde para ser privado para el usuario. Si el directorio que contiene el archivo es legible por un atacante local, entonces durante el breve per\u00edodo entre la creaci\u00f3n del archivo y la modificaci\u00f3n de los permisos, un atacante local puede correr para abrir el archivo y mantener un manejo a \u00e9l. Esto permite al atacante local leer el contenido del archivo despu\u00e9s de que la informaci\u00f3n confidencial haya sido guardado en \u00e9l. Los consumidores de este SDK que conf\u00eden en \u00e9l para guardar datos usando la clase SqliteAccountInfo deber\u00edan actualizar a la \u00faltima versi\u00f3n del SDK. Aquellos que crean que un usuario local puede haber abierto una cuenta usando esta condici\u00f3n de carrera, deber\u00edan eliminar los archivos de base de datos afectados y regenerar todas las claves de la aplicaci\u00f3n. Los usuarios deben actualizar a b2-sdk-python versi\u00f3n 1.14.1 o posterior"}], "lastModified": "2022-03-07T16:11:38.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:backblaze:b2_python_software_development_kit:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "BC616D13-892D-4FB1-A217-41B775ACD9E9", "versionEndIncluding": "1.14.0"}, {"criteria": "cpe:2.3:a:backblaze:b2_python_software_development_kit:*:*:*:*:*:mac:*:*", "vulnerable": true, "matchCriteriaId": "0203F027-571C-407C-A643-439AAEDDC78B", "versionEndIncluding": "1.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}