CVEs-PoC/2021/CVE-2021-22571.md

### [CVE-2021-22571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22571)
![](https://img.shields.io/static/v1?label=Product&message=google%2Fsa360-webquery-bigquery&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%201.0.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-275%20Permission%20Issues&color=brighgreen)

### Description

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.

### POC

#### Reference
- https://github.com/google/sa360-webquery-bigquery/pull/15

#### Github
No PoCs found on GitHub currently.