7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
29.9%
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru
10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems,
the system’s temporary directory is shared between all users on that
system. A collocated user can observe the process of creating a temporary
sub directory in the shared temporary directory and race to complete the
creation of the temporary subdirectory. If the attacker wins the race then
they will have read and write permission to the subdirectory used to unpack
web applications, including their WEB-INF/lib jar files and JSP files. If
any code is ever executed out of this temporary directory, this can lead to
a local privilege escalation vulnerability.
bugs.eclipse.org/bugs/show_bug.cgi?id=567921
github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb
github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f
github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6
github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053
launchpad.net/bugs/cve/CVE-2020-27216
nvd.nist.gov/vuln/detail/CVE-2020-27216
security-tracker.debian.org/tracker/CVE-2020-27216
www.cve.org/CVERecord?id=CVE-2020-27216
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
29.9%