VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-26y8-5gdp-2ffc

Essentials
Severities (11)
References (6)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-26y8-5gdp-2ffc
Aliases	CVE-2022-27772 GHSA-cm59-pr5q-cw85
Summary	Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-377	Insecure Temporary File
CWE-379	Creation of Temporary File in Directory with Insecure Permissions
CWE-668	Exposure of Resource to Wrong Sphere
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2022-27772
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-cm59-pr5q-cw85
cvssv3.1	7.8	https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
cvssv3.1_qr	HIGH	https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
generic_textual	HIGH	https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
cvssv3.1	7.8	https://github.com/spring-projects/spring-boot
generic_textual	HIGH	https://github.com/spring-projects/spring-boot
cvssv3.1	7.8	https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
generic_textual	HIGH	https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2022-27772
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-27772

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-27772
		https://github.com/spring-projects/spring-boot
		https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
CVE-2022-27772		https://nvd.nist.gov/vuln/detail/CVE-2022-27772
GHSA-cm59-pr5q-cw85		https://github.com/advisories/GHSA-cm59-pr5q-cw85
GHSA-cm59-pr5q-cw85		https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/spring-projects/spring-boot

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-27772

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.63708
EPSS Score	0.00442
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:31:48.523500+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-cm59-pr5q-cw85	38.6.0