CVE-2020-27216

Source
https://cve.org/CVERecord?id=CVE-2020-27216
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27216.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27216
Published
2020-10-23T13:15:16.283Z
Modified
2026-04-10T15:29:15.512870659Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Affected packages

Git / github.com/apache/beam

Affected ranges

Type
GIT
Repo
https://github.com/apache/beam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.21.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.22.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.23.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.24.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.25.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/jetty/jetty.project
Events
Introduced
Fixed
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "1.0"
        },
        {
            "fixed": "9.3.29"
        },
        {
            "introduced": "9.4.0"
        },
        {
            "last_affected": "9.4.32"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Affected versions

Other
OldDoFn
dataflow_runner_v2
java-ulr-removal
list
website-to-hugo
jetty-10.*
jetty-10.0.0
jetty-10.0.0.alpha1
jetty-10.0.0.beta0
jetty-10.0.0.beta1
jetty-10.0.0.beta2
jetty-11.*
jetty-11.0.0-alpha0
jetty-11.0.0.beta1
jetty-11.0.0.beta2
jetty-11.0.2
jetty-11.0.8
jetty-11.0.9
jetty-12.*
jetty-12.0.0.beta2x
jetty-12.0.0.beta3x
jetty-12.0.0x
jetty-12.0.5
jetty-12.0.6
jetty-12.1.0
jetty-12.1.0.beta1
jetty-8.*
jetty-8.0.0.RC0
jetty-8.1.0.RC0
jetty-9.*
jetty-9.0.x
jetty-9.1.0.M0
jetty-9.1.0.RC0
jetty-9.1.0.RC1
jetty-9.1.0.RC2
jetty-9.1.0.v20131115
jetty-9.1.1.v20140108
jetty-9.1.2.v20140210
jetty-9.1.3.v20140225
jetty-9.1.4.v20140401
jetty-9.2.0.M0
jetty-9.2.0.M1
jetty-9.2.0.RC0
jetty-9.2.0.v20140523
jetty-9.2.0.v20140526
jetty-9.2.1.v20140609
jetty-9.3.13.M0
jetty-9.3.17.v20170317
jetty-9.3.18.v20170406
jetty-9.3.19.v20170502
jetty-9.3.23.v20180228
jetty-9.3.24.v20180605
jetty-9.3.25.v20180904
jetty-9.3.4.v20151007
jetty-9.3.7.RC1
jetty-9.3.7.v20160115
jetty-9.4.10.v20180503
jetty-9.4.12.v20180830
jetty-9.4.13.v20181111
jetty-9.4.14.v20181114
jetty-9.4.15.v20190215
jetty-9.4.2.v20170220
jetty-9.4.26.v20200117
jetty-9.4.27.v20200227
jetty-9.4.28.v20200408
jetty-9.4.32.v20200930
jetty-9.4.6.v20170531
v2.*
v2.21.0
v2.21.0-RC1
v2.22.0
v2.22.0-RC1
v2.23.0
v2.23.0-RC1
v2.23.0-RC2
v2.24.0
v2.24.0-RC1
v2.24.0-RC2
v2.24.0-RC3
v2.25.0
v2.25.0-RC1
v2.25.0-RC2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27216.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0.0-alpha1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.9m0p2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.2.1"
            },
            {
                "last_affected": "8.2.2.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.5.0"
            },
            {
                "last_affected": "11.9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.2.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.5"
            }
        ]
    }
]