=====================================================================

                               CERT-Renater

                     Note d'Information No. 2023/VULN376

_____________________________________________________________________

DATE                : 06/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running gradle versions prior to 7.6.3,
                                            8.4.

=====================================================================
https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9
_____________________________________________________________________


Incorrect permission assignment for symlinked files used in copy or
archiving operations

Low
ljacomet published GHSA-43r3-pqhv-f7h9
Package
Gradle (Java)

Affected versions
<7.6.3, <8.4

Patched versions
7.6.3, 8.4


Description

Impact

When copying files or creating archives, Gradle does not preserve
symbolic links. Instead, Gradle resolves symbolic links to their
underlying target file. The permissions of the new file are the
permissions of the symbolic link instead of the permissions of
the target file.

This can lead to files that have unintended permissions because
symbolic links are usually world readable and writeable.

While it is unlikely this impacts the build directly, it may open
attack vectors where build artifacts are used or extracted.


Patches

In Gradle 7.6.3 and 8.4, the permissions of the target file will
be used when copying or archiving a symbolic link.

It is recommended that users upgrade to a patched version.


Workarounds

If you are unable to upgrade to a patched Gradle version, you
should explicitly set permissions for any symbolic links when
copying or creating an archive.


References

     CWE-732
     CVE-2023-34042: Incorrect Permission Assignment for spring-security.xsd


Severity
Low

3.2/ 10

CVSS base metrics

Attack vector
Local

Attack complexity
Low

Privileges required
High

User interaction
None

Scope
Changed

Confidentiali
ty
Low
Integrity
None

Availability
None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CVE ID
CVE-2023-44387

Weaknesses
CWE-732


Credits

     @MartinHolland MartinHolland Finder



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================