Impact
What kind of vulnerability is it? Who is impacted?
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File#createTempFile
creates files in the the system temporary directory with file permissions -rw-r--r--
by default.
SA360 webquery bigquery - google/sa360-webquery-bigquery
TransferRunner
contains a local information disclosure vulnerability. Any sensitive information written to theses files is visible to all other local users on unix-like systems.
Patches
Has the problem been patched? What versions should users upgrade to?
v1.0.3
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
There is no known workaround
For more information
If you have any questions or comments about this advisory:
Impact
What kind of vulnerability is it? Who is impacted?
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is
File#createTempFile
creates files in the the system temporary directory with file permissions-rw-r--r--
by default.SA360 webquery bigquery - google/sa360-webquery-bigquery
TransferRunner
contains a local information disclosure vulnerability. Any sensitive information written to theses files is visible to all other local users on unix-like systems.Patches
Has the problem been patched? What versions should users upgrade to?
v1.0.3
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
There is no known workaround
For more information
If you have any questions or comments about this advisory: