CVE-2021-22571 MEDIUM

CVE-2021-22571: Information Leak in SA360-webquery-bigquery through read on /tmp

Vendor Google Llc
Product google/sa360-webquery-bigquery
Weakness CWE-275
Published March 18, 2022
Last update April 21, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.

Key dates

02Disclosure timeline

March 18, 2022 CVE published
April 21, 2025 Record updated