Jython Improper Access Restrictions vulnerability

2022-05-1402:05:10

Google

osv.dev

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

CPENameOperatorVersion
org.python:jython-standaloneeq2.7-rc1
org.python:jython-standaloneeq2.7.1-rc3
org.python:jython-standaloneeq2.7.0
org.python:jython-standaloneeq2.7.2b2
org.python:jython-standaloneeq2.5.4-rc1
org.python:jython-standaloneeq2.7.1b1
org.python:jython-standaloneeq2.7.1-rc2
org.python:jython-standaloneeq2.7-rc3
org.python:jython-standaloneeq2.5.1
org.python:jython-standaloneeq2.7.1

Name	Operator	Version
org.python:jython-standalone	eq	2.7-rc1
org.python:jython-standalone	eq	2.7.1-rc3
org.python:jython-standalone	eq	2.7.0
org.python:jython-standalone	eq	2.7.2b2
org.python:jython-standalone	eq	2.5.4-rc1
org.python:jython-standalone	eq	2.7.1b1
org.python:jython-standalone	eq	2.7.1-rc2
org.python:jython-standalone	eq	2.7-rc3
org.python:jython-standalone	eq	2.5.1
org.python:jython-standalone	eq	2.7.1