Hi there,
I may have discovered a method in org.odftoolkit:odfdom-java:0.8.6 which
has Temporary Directory Vulnerability. The vulnerability is located in the
method *newTempOdfDirectory* from class *org.odftoolkit.odfdom.pkg.TempDir*
The vulnerability bears similarities to a recent CVE disclosure
*CVE-2022-3969* in the "Document Management System" project.
The source vulnerability information is as follows:
*Vulnerability Details:**CVE Identifier:* CVE-2022-3969
*Description:* A vulnerability was found in OpenKM up to 6.3.11 and
classified as problematic. Affected by this issue is the function
getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java.
The manipulation leads to insecure temporary file. Upgrading to version
6.3.12 is able to address this issue. The name of the patch is
c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the
affected component. The identifier of this vulnerability is VDB-213548.
*Reference:* https://nvd.nist.gov/vuln/detail/CVE-2022-3969
*Patch: *
https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1
*Vulnerability **Description:* The vulnerability is present in the
*org.odftoolkit.odfdom.pkg.TempDir* class, specifically in the
*newTempOdfDirectory* function. This function is responsible for handling
temporary directories. A chain of calls involving *File.createTempFile() ->
file.delete() -> either file.mkdir() or file.mkdirs() *has been detected,
leaving the library exposed to Temporary Directory Hijacking or Information
Disclosure attacks.
*Library Usage:*
The org.odftoolkit : odfdom-java : 0.8.6 has 44 usages according to Maven
Repository and rank 8580 in MvnRepository. Besides, according to data from
library.io, this specific version, 0.8.6, stands out as the most prevalent,
with an impressive utilization rate of 33.88% among all libraries that
incorporate "org.odftoolkit:odfdom-java". Due to the extensive adoption of
this library, the identified vulnerability poses the potential for
far-reaching consequences.
*Recommended Actions:*
To address this issue, I suggest the following actions:
1. Apply Patch: Refer to the patch provided by the "Document Management
System" project, which shares similarities with this vulnerability. The
patch can be found at the following link:
https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1
.
2. Review GitHub Pull Request: Study the detailed description of the
vulnerability and the proposed fix in the "Document Management System"
project's GitHub pull request:
https://github.com/openkm/document-management-system/pull/332.
I understand the importance of responsible disclosure, and I am willing
to cooperate with your team throughout the process of fixing and verifying
the vulnerability. If you require any further information or assistance,
please do not hesitate to reach out to me.
Thank you and looking forward to hearing from you soon.
Best regards,
Yiheng Cao
--
To unsubscribe e-mail to: dev+unsubscribe@odftoolkit.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.odftoolkit.org/dev/
Privacy Policy: https://www.documentfoundation.org/privacy
Context
- [dev] [PROPOSAL][Repo] Security Vulnerability - Action Required: Temporary Directory Vulnerability in the org.odftoolkit : odfdom-java : 0.8.6 · James Watt
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.