CVE-2020-27216
CVE information
Description
In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
CVSSv2.0 Score
- Severity: Medium
- Base Score: 4.4/10
- Exploit Score: 3.4/10
- Access Vector: Local
- Access Complexity: Medium
- Authentication Required: None
- Impact Score: 6.4/10
- Confidentiality Impact: Partial
- Availability Impact: Partial
- Integrity Impact: Partial
CVSSv3.1 Score
- Severity: High
- Base Score: 7/10
- Exploit Score: 1/10
- Access Vector: Local
- Access Complexity: High
- Privileges Required: Low
- Impact Score: 5.9/10
- Confidentiality Impact: High
- Availability Impact: High
- Integrity Impact: High
- Scope: Unchanged
- User Interaction: None
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:eclipse:jetty:11.0.0:alpha1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:11.0.0:beta1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:10.0.0:beta1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:10.0.0:beta0:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:10.0.0:alpha1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | Yes | 9.4.0 | - |
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | Yes | 1.0 | 9.3.29 |
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_onta | Yes | 7.2 | - |
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vs | Yes | 7.2 | - |
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_offline_mediation_controller | Yes | - | - |
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*: | Yes | 8.2.1 | - |
cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* | Yes | 11.5.0 | - |
cpe:2.3:a:oracle:communications_application_session_controll | Yes | - | - |
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0 | Yes | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*: | Yes | - | 9.2.6.0 |
cpe:2.3:a:oracle:communications_converged_application_server | Yes | - | - |
cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:apache:beam:2.21.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:apache:beam:2.22.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:apache:beam:2.23.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:apache:beam:2.24.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:apache:beam:2.25.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | Yes | - | - |
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisor
- https://security.netapp.com/advisory/ntap-20201123-0005/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.debian.org/security/2021/dsa-4949
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html