Description

In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in the OpenFileDescriptor action before the VerifyCanWrite action is performed.

PUBLISHED Reserved 2025-06-23 | Published 2025-06-23 | Updated 2025-06-24 | Assigner mitre




MEDIUM: 5.7 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Problem types

CWE-696 Incorrect Behavior Order

Product status

Default status: unaffected

0.2.0 (semver) before 0.2.2: affected

References

github.com/...teBeam/security/advisories/GHSA-3f8r-9483-pfxj

github.com/WhiteBeamSec/WhiteBeam/security/policy

github.com/WhiteBeamSec/WhiteBeam/pull/22

cve.org (CVE-2021-47688)

nvd.nist.gov (CVE-2021-47688)