CVE-2021-43017Creation of Temporary File in Directory with Insecure Permissions in Adobe Gocart

CWE-379Creation of Temporary File in Directory with Insecure Permissions3 documents3 sources
Severity
4.2MEDIUMNVD
EPSS
0.3%
top 44.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe GocartAdobe Creative Cloud Desktop Application
Timeline
PublishedNov 18
Latest updateNov 19

Description

Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:HExploitability: 0.6 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/gocartunspecified5.5+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-85rf-rp2v-42mg: Adobe Creative Cloud version 52021-11-19
CVEList
Adobe Creative Cloud DLL Hijacking Local Application Denial of Service2021-11-18
CVE-2021-43017 — Adobe Gocart vulnerability | cvebase