CVE-2020-27216

Description

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
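As an added defensive illustration (not Jetty's own code and not part of this record), the Python below audits a candidate unpack directory on a Unix-like system for the conditions the description names (a shared, world-writable parent such as /tmp, group/other access, a foreign owner, or a symlink) and shows the hardened creation pattern: an unpredictably named directory created atomically with mode 0700 under a dedicated base and re-verified afterwards. The paths built in demo() are constructed for the example.

```python
import os
import stat
import tempfile


def temp_dir_findings(path):
    """Reasons `path` is unsafe as a web-app unpack directory; [] means it
    is a real directory, private to this uid, and not sitting directly in
    a shared world-writable directory such as /tmp."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink; another user may control its target"]
    if not stat.S_ISDIR(st.st_mode):
        return ["path is not a directory"]
    findings = []
    if st.st_uid != os.geteuid():
        findings.append("owned by uid %d, not the server uid %d"
                        % (st.st_uid, os.geteuid()))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other can access it (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    parent = os.path.dirname(os.path.abspath(path))
    if os.stat(parent).st_mode & stat.S_IWOTH:
        findings.append("parent %s is world-writable (shared temp dir)" % parent)
    return findings


def create_private_work_dir(base):
    """Hardened creation: mkdtemp picks an unpredictable name and does an
    atomic mkdir(mode=0o700) that fails if the name exists, so a lost race
    raises instead of silently adopting another user's directory."""
    path = tempfile.mkdtemp(prefix="webapp-work-", dir=base)
    os.chmod(path, 0o700)  # explicit, independent of the umask
    problems = temp_dir_findings(path)  # re-check rather than trust
    if problems:
        os.rmdir(path)
        raise RuntimeError("unsafe work dir %s: %s" % (path, "; ".join(problems)))
    return path


def demo():
    """Constructed scenario: a base made to look like a shared /tmp (1777)
    holding a 0755 unpack dir, beside a private base used the safe way."""
    shared = tempfile.mkdtemp()
    os.chmod(shared, 0o1777)
    leaky = os.path.join(shared, "webapp-unpack")
    os.mkdir(leaky)
    os.chmod(leaky, 0o755)
    private = tempfile.mkdtemp()
    safe = create_private_work_dir(private)
    return {"leaky": temp_dir_findings(leaky), "safe": temp_dir_findings(safe)}
```

Pointing the server at a dedicated, owner-only work directory rather than the shared system temp directory removes the race described above; the audit function lets you confirm the deployed directory actually meets that condition.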

Risk Information

Base Score: 7.0 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (exploitation probability): 0.09

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-27216 are fixed in Eclipse-jetty-webapp 10.0.0 | Windows
Vulnerabilities CVE-2020-27216 are fixed in Eclipse-jetty-webapp 11.0.0 | Windows
Vulnerabilities CVE-2020-27216 are fixed in Mortbay-jetty-webapp 10.0.0 | Windows
Vulnerabilities CVE-2020-27216 are fixed in Mortbay-jetty-webapp 11.0.0 | Windows
Vulnerabilities CVE-2020-27216 are fixed in Eclipse-jetty-webapp 9.4.33 | Windows
Vulnerabilities CVE-2020-27216 are fixed in Mortbay-jetty-webapp 9.4.33 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows
Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows
Multiple Vulnerabilities are affected in IBM Security Verify Directory Integrator 10.0.0 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows
Multiple Vulnerabilities are affected in IBM MQ 9.0 | Windows
Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows
Multiple Vulnerabilities are affected in IBM MQ 9.2 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 23.0.2 | Windows
jetty9 security update (DSA-4949-1) jetty9_9.4.16-0+deb10u1_all.deb | Linux
Vulnerabilities CVE-2020-27216 are fixed in Eclipse-jetty-webapp for Linux 10.0.0 | Linux
Vulnerabilities CVE-2020-27216 are fixed in Eclipse-jetty-webapp for Linux 11.0.0 | Linux
Vulnerabilities CVE-2020-27216 are fixed in Mortbay-jetty-webapp for Linux 10.0.0 | Linux
Vulnerabilities CVE-2020-27216 are fixed in Mortbay-jetty-webapp for Linux 11.0.0 | Linux
Vulnerabilities CVE-2020-27216 are fixed in Eclipse-jetty-webapp for Linux 9.4.33 | Linux
Vulnerabilities CVE-2020-27216 are fixed in Mortbay-jetty-webapp for Linux 9.4.33 | Linux
CVE-2020-27216 | NCM

Patch Details

No records found
