Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-27216

Опубликовано: 23 окт. 2020
Источник: nvd
CVSS3: 7
CVSS2: 4.4
EPSS Низкий

Описание

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Версия от 1.0 (включая) до 9.3.29 (исключая)
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Версия от 9.4.0 (включая) до 9.4.32 (включая)
cpe:2.3:a:eclipse:jetty:10.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:10.0.0:beta0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:10.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:11.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:11.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*
Версия от 7.2 (включая)
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Версия от 7.2 (включая)
Конфигурация 3

Одновременно

cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:clustered_data_ontap:*:*
Версия от 7.2 (включая)
cpe:2.3:a:vmware:vsphere:-:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
Версия от 8.2.1 (включая) до 8.2.2.1 (включая)
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
Версия от 11.5.0 (включая) до 11.9.0 (включая)
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Версия до 9.2.6.0 (исключая)
cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*
Версия до 21.5 (включая)
Конфигурация 5

Одно из

cpe:2.3:a:apache:beam:2.21.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:beam:2.22.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:beam:2.23.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:beam:2.24.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:beam:2.25.0:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00072
Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-378
NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2020-27216

CVSS3: 7
ubuntu
больше 5 лет назад

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

redhat логотип

CVE-2020-27216

CVSS3: 7
redhat
больше 5 лет назад

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

debian логотип

CVE-2020-27216

CVSS3: 7
debian
больше 5 лет назад

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...

github логотип

GHSA-g3wg-6mcf-8jj6

CVSS3: 7
github
больше 5 лет назад

Local Temp Directory Hijacking Vulnerability

fstec логотип

BDU:2021-00878

CVSS3: 7
fstec
больше 5 лет назад

Уязвимость контейнера сервлетов Eclipse Jetty, связанная с созданием временных файлов с небезопасными разрешениями, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 22%
0.00072
Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-378
NVD-CWE-Other