CVE-2020-27216 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-27216 Interim 1 8 2022-11-09T01:17:35Z current 2021-10-30T01:15:04Z 2022-11-09T01:17:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-http jetty-io jetty-minimal jetty-security jetty-server jetty-servlet jetty-util jetty-util-ajax jetty-http as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-io as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-security as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-server as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-servlet as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-util as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-util-ajax as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-minimal as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CVE-2020-27216 SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-http SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-io SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-minimal SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-security SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-server SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-servlet SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util-ajax moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H