CVE-2020-27216

Severity: HIGH | CVSS 7.0/10 | EPSS 4.30%

Last modified

CVE-2020-27216 is a high-severity vulnerability rated 7.0/10 on the CVSS 3.1 scale. In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory first. EPSS estimates a 4.30% chance of exploitation in the next 30 days.

Description

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory first. If the attacker wins the race, they will have read and write permission to the subdirectory Jetty uses to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory (classes loaded from those jars, or compiled JSPs), this can lead to local privilege escalation to the user account running Jetty.
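The window the description refers to is the one opened by the create-file / delete / mkdir idiom: a unique name is reserved by creating a temporary file, the file is unlinked, and a directory is then created under the same name, so for a moment the name belongs to nobody and any user who can write to the shared temporary directory can create it first. The following is an added example, not Jetty's code and not part of the original page: it reproduces that idiom in Python on a constructed sticky-bit directory, simulates the co-located user winning the race through a `race_hook` callback (an assumption of this example, not a real API), and contrasts it with an atomic owner-only directory creation of the kind `java.nio.file.Files.createTempDirectory` performs (here `tempfile.mkdtemp`), followed by the ownership/mode check a practitioner would run on the result.

```python
import os
import stat
import tempfile

# Constructed stand-in for a shared, sticky-bit /tmp. It is created under the
# caller's own temp dir so the example runs unprivileged; the 1777 mode is
# what makes it "shared between all users" in the advisory's sense.
SHARED_TMP = tempfile.mkdtemp(prefix="shared-tmp-")
os.chmod(SHARED_TMP, 0o1777)


def vulnerable_make_temp_dir(parent, prefix, race_hook=None):
    """Create-file / delete / mkdir idiom (the pattern behind the advisory).

    A unique name is reserved by creating a file, the file is removed, and a
    directory is created under the same name. Between the unlink and the
    mkdir the name belongs to nobody, so any user who can write to `parent`
    can create it first. `race_hook` is this example's stand-in for the
    attacker acting inside that window; it is not a real API.
    """
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=".dir", dir=parent)
    os.close(fd)
    os.unlink(path)            # name is now free: this is the race window
    if race_hook is not None:
        race_hook(path)        # attacker claims the name first
    try:
        os.mkdir(path)         # Java's File.mkdir() just returns false here;
    except FileExistsError:    # the caller goes on to use the attacker's dir
        pass
    return path


def hardened_make_temp_dir(parent, prefix):
    """Atomic, owner-only (0700) directory creation.

    tempfile.mkdtemp is the Python counterpart of Files.createTempDirectory:
    there is no unowned interval, and an attacker who guesses the name only
    causes a retry with a fresh one.
    """
    return tempfile.mkdtemp(prefix=prefix, dir=parent)


def attacker_claims(path):
    """Simulated co-located user winning the race: pre-create the directory
    world-writable so the unpacked WEB-INF/lib and JSPs land somewhere the
    attacker can read and replace."""
    os.mkdir(path)
    os.chmod(path, 0o777)      # explicit chmod so the umask cannot hide it


def is_private_dir(path):
    """Post-creation check: a real directory we own, with no group/other
    write bit. A directory pre-created by another uid fails the owner test;
    one that was chmod'ed open fails the mode test; a planted symlink fails
    the S_ISDIR test because lstat does not follow it."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def demo():
    """Run both variants against the shared directory and report the check
    a practitioner would make afterwards."""
    lost = vulnerable_make_temp_dir(SHARED_TMP, "jetty-", race_hook=attacker_claims)
    safe = hardened_make_temp_dir(SHARED_TMP, "jetty-")
    return {
        "vulnerable_private": is_private_dir(lost),             # False
        "hardened_private": is_private_dir(safe),               # True
        "hardened_mode": stat.S_IMODE(os.lstat(safe).st_mode),  # 0o700
    }


if __name__ == "__main__":
    print(demo())
```

Without the hook the vulnerable variant also produces a directory that passes `is_private_dir`, which is why this bug survives ordinary testing: the defect is the unowned interval, not the final permissions, and the only robust fix is a creation primitive that never has such an interval.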

Metrics

CVSS 3.1
7.0/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
4.30%

89.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  | Product                                                    | Versions               | Update
Eclipse | Jetty                                                      | >= 1.0, < 9.3.29       |
Eclipse | Jetty                                                      | >= 9.4.0, <= 9.4.32    |
Eclipse | Jetty                                                      | 10.0.0                 | alpha1
Eclipse | Jetty                                                      | 11.0.0                 | alpha1
Netapp  | Snap Creator Framework                                     | All versions           |
Netapp  | Snapcenter                                                 | All versions           |
Netapp  | Vasa Provider                                              | >= 7.2                 |
Netapp  | Virtual Storage Console                                    | >= 7.2                 |
Netapp  | Storage Replication Adapter                                | >= 7.2                 |
Oracle  | Communications Application Session Controller              | 3.9m0p2                |
Oracle  | Communications Converged Application Server - Service Controller | 6.2              |
Oracle  | Communications Element Manager                             | >= 8.2.1, <= 8.2.2.1   |
Oracle  | Communications Offline Mediation Controller                | 12.0.0.3.0             |
Oracle  | Communications Pricing Design Center                       | 12.0.0.3.0             |
Oracle  | Communications Services Gatekeeper                         | 7.0                    |
Oracle  | Flexcube Core Banking                                      | >= 11.5.0, <= 11.9.0   |
Oracle  | Flexcube Private Banking                                   | 12.0.0                 |
Oracle  | Flexcube Private Banking                                   | 12.1.0                 |
Oracle  | Jd Edwards Enterpriseone Tools                             | < 9.2.6.0              |
Oracle  | Siebel Core - Automation                                   | <= 21.5                |
Apache  | Beam                                                       | 2.21.0                 |
Apache  | Beam                                                       | 2.22.0                 |
Apache  | Beam                                                       | 2.23.0                 |
Apache  | Beam                                                       | 2.24.0                 |
Apache  | Beam                                                       | 2.25.0                 |
Debian  | Debian Linux                                               | 9.0                    |
Debian  | Debian Linux                                               | 10.0                   |

References

Timeline

Published:
Last Modified:
Status: Modified

Frequently Asked Questions

What is CVE-2020-27216?
In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory first. If the attacker wins the race, they will have read and write permission to the subdirectory Jetty uses to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to local privilege escalation to the user account running Jetty.
How severe is CVE-2020-27216?
CVE-2020-27216 has a CVSS 3.1 score of 7.0/10 (HIGH severity). The EPSS model estimates a 4.30% probability of exploitation in the next 30 days.
How do I fix CVE-2020-27216?
Upgrade to a Jetty release that contains the fix: 9.4.33 or later, 10.0.0.beta3 or later, or 11.0.0.beta3 or later (the affected-versions table above gives 9.3.29 as the boundary for the 9.3 line). If you cannot upgrade immediately, stop unpacking web applications into the shared system temporary directory: start the JVM with -Djava.io.tmpdir pointing at a directory owned by, and writable only by, the Jetty user, or create a work directory under $JETTY_BASE, which Jetty uses for web application unpacking in preference to java.io.tmpdir. For the other vendors listed above, check their references and advisories for patched builds. You can also run a Strix scan to test whether your systems are affected.
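Whether a running Jetty is exposed comes down to two questions: which directory its JVM's java.io.tmpdir resolves to, and whether other local users can write there or already own something under it. The following is an added example, not part of this page or of the Jetty project: a Python audit that reads java.io.tmpdir from a JVM command line (the last -D setting wins, otherwise the Unix default /tmp) and reports the conditions that make the race reachable. The jetty-* prefix of the unpack directories is Jetty's naming convention; the fixture built by build_sample() is constructed for the example, not captured from a real host.

```python
import glob
import os
import stat
import tempfile


def jvm_tmpdir_from_cmdline(argv, default="/tmp"):
    """java.io.tmpdir as the JVM will see it: the last -Djava.io.tmpdir= on
    the command line wins, otherwise the platform default (/tmp on Unix).
    For a live Linux process, argv is
    open(f"/proc/{pid}/cmdline", "rb").read().split(b"\\0"), decoded."""
    value = default
    for arg in argv:
        if arg.startswith("-Djava.io.tmpdir="):
            value = arg.split("=", 1)[1]
    return value


def audit_jetty_tmpdir(tmpdir, jetty_uid=None):
    """Flag the conditions that make the race reachable.

    Returns a list of findings; an empty list means the temp directory is
    not writable by other users and every existing jetty-* unpack directory
    in it is owned by the Jetty uid with no group/other write bit.
    `jetty_uid` defaults to the current effective uid for self-audits.
    """
    if jetty_uid is None:
        jetty_uid = os.geteuid()
    findings = []
    st = os.stat(tmpdir)
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append(f"{tmpdir}: world-writable (mode {oct(mode)}); "
                        "any local user can race the creation of subdirectories")
    if st.st_uid != jetty_uid:
        findings.append(f"{tmpdir}: owned by uid {st.st_uid}, not the Jetty uid {jetty_uid}")
    # Jetty's unpack directories carry a "jetty-" prefix. Anything under that
    # prefix that is not ours, or that others can write, is where WEB-INF/lib
    # jars and JSPs would be exposed. lstat so a planted symlink is not followed.
    for d in sorted(glob.glob(os.path.join(tmpdir, "jetty-*"))):
        dst = os.lstat(d)
        if not stat.S_ISDIR(dst.st_mode):
            findings.append(f"{d}: not a directory (symlink or file planted under the jetty- prefix)")
            continue
        dmode = stat.S_IMODE(dst.st_mode)
        if dst.st_uid != jetty_uid:
            findings.append(f"{d}: owned by uid {dst.st_uid}; a racing user may have claimed it")
        elif dmode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{d}: group/other-writable unpack directory (mode {oct(dmode)})")
    return findings


def build_sample():
    """Constructed fixture (not captured from a real host): a sticky-bit
    'shared' tmp dir holding a world-writable jetty-* unpack dir, beside a
    0700 private tmp dir of the kind -Djava.io.tmpdir should point at."""
    shared = tempfile.mkdtemp(prefix="sample-shared-tmp-")
    os.chmod(shared, 0o1777)
    unpack = os.path.join(shared, "jetty-0_0_0_0-8080-ROOT_war-_-any-1234.dir")
    os.mkdir(unpack)
    os.chmod(unpack, 0o777)
    private = tempfile.mkdtemp(prefix="sample-private-tmp-")  # mkdtemp => 0700
    return shared, private


if __name__ == "__main__":
    shared, private = build_sample()
    cmdline = ["java", "-Djava.io.tmpdir=" + private, "-jar", "start.jar"]
    for path in (shared, jvm_tmpdir_from_cmdline(cmdline)):
        print(path, audit_jetty_tmpdir(path) or ["OK"])
```

On a real host, run it as the Jetty user (or pass that user's uid) against the directory the JVM actually uses; a clean result for java.io.tmpdir does not cover a deployment where a $JETTY_BASE/work directory is configured, in which case audit that directory instead.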

Source: NVD / NIST