CVE-2020-27216

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-27216
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27216.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27216
Aliases
Downstream
Related
Published
2020-10-23T13:15:16.283Z
Modified
2026-03-15T22:38:58.961341Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

References

Affected packages

Git / github.com/apache/beam

Affected ranges

Type
GIT
Repo
https://github.com/apache/beam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e859735df4778a545ea06262964ea19e53b06f91
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c38b13a0c0f725b205b6ed360975ec3fdabaf09
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
696fc99f9957c96b9f878f86f686df5e5311b731
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac35099e438d5fb8d471263e0485edc8c2eb6886
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9d03de35c512b317f5e1c22aec821e1c44029a1a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.21.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.22.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.23.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.24.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.25.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/jetty/jetty.project
Events
Introduced
eea06004f5a0a234b20f3ee8259f33b5b6967372
Fixed
dc45408dd3f9543c51643ececa5dca76ca08d219
Introduced
bf9d17540c7ae4c91be30c045a9485aa2030d3e5
Last affected
de97d26f7bd222a0e16831e353d702a7a422f711
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
57e5cd8a4d1e5fe0eb77443139253a6878f9c3e7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6fdb7a9bb5304af85e2afee89bd2b2eebda4a911
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3ddccfe4bc98be58e5232e6ee426f3cbe714139b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
338ada6076ce454afeb10a88bc63e51dfb8c6dad
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9b32bd336e93358a7afd5f3927018d41e4badff2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ce21ec22be920f61d3c840718d661c0f9d1e174
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
28100e8da711e44c0722ed10bd413ae862497539
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8372b65bd15404de1444d68902c0455a3a69b64
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
883fe0e8317a89c46b49465bac2dcd07166e714c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b9645a17373e4e9b7f30b6c0a07defcea2cb660b
Database specific 
{
    "versions": [
        {
            "introduced": "1.0"
        },
        {
            "fixed": "9.3.29"
        },
        {
            "introduced": "9.4.0"
        },
        {
            "last_affected": "9.4.32"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Affected versions

Other
MOE
OldDoFn
PRE-MERGE-20120719-1138
apache-dataflow-ancestor
dataflow_runner_v2
java-ulr-removal
list
v-RC1-DupdateWorkingCopyVersions=false
website-to-hugo
jetty-7.*
jetty-7.6.10.v20130312
jetty-7.6.11.v20130520
jetty-7.6.11.v20130725
jetty-7.6.12.v20130726
jetty-7.6.13.v20130910
jetty-7.6.3.v20120413
jetty-7.6.3.v20120416
jetty-7.6.4.v20120522
jetty-7.6.4.v20120524
jetty-7.6.5.v20120713
jetty-7.6.5.v20120716
jetty-7.6.6.v20120903
jetty-7.6.7.v20120910
jetty-7.6.8.v20121106
jetty-7.6.9.v20130131
jetty-8.*
jetty-8.1.0.RC1
jetty-8.1.0.RC2
jetty-8.1.0.RC4
jetty-8.1.0.RC5
jetty-8.1.0.v20120125
jetty-8.1.0.v20120127
jetty-8.1.1.v20120215
jetty-8.1.10.v20130312
jetty-8.1.11.v20130520
jetty-8.1.12.v20130725
jetty-8.1.12.v20130726
jetty-8.1.13.v20130910
jetty-8.1.13.v20130916
jetty-8.1.2.v20120302
jetty-8.1.2.v20120308
jetty-8.1.3.v20120413
jetty-8.1.3.v20120416
jetty-8.1.4.v20120522
jetty-8.1.4.v20120524
jetty-8.1.5.v20120713
jetty-8.1.5.v20120716
jetty-8.1.6.v20120903
jetty-8.1.7.v20120910
jetty-8.1.8.v20121106
jetty-8.1.9.v20130131
jetty-9.*
jetty-9.0.0.M0
jetty-9.0.0.M1
jetty-9.0.0.M2
jetty-9.0.0.M3
jetty-9.0.0.M4
jetty-9.0.0.M5
jetty-9.0.0.RC0
jetty-9.0.0.RC1
jetty-9.0.0.RC2
jetty-9.0.0.RC3
jetty-9.0.0.v20130308
jetty-9.0.1.v20130408
jetty-9.0.2.v20130417
jetty-9.0.2.v20140415
jetty-9.0.3.v20130506
jetty-9.0.4.v20130621
jetty-9.0.4.v20130625
jetty-9.0.5.v20130813
jetty-9.0.5.v20130815
jetty-9.0.6.v20130919
jetty-9.0.6.v20130930
jetty-9.0.7.v20131031
jetty-9.0.7.v20131107
jetty-9.0.x
jetty-9.1.0.M0
jetty-9.1.0.RC0
jetty-9.1.0.RC1
jetty-9.1.0.RC2
jetty-9.1.0.v20131115
jetty-9.1.1.v20140108
jetty-9.1.2.v20140210
jetty-9.1.3.v20140225
jetty-9.1.4.v20140401
jetty-9.2.0.M0
jetty-9.2.0.M1
jetty-9.2.0.RC0
jetty-9.2.0.v20140523
jetty-9.2.0.v20140526
jetty-9.2.1.v20140609
jetty-9.2.10.v20150310
jetty-9.2.11.M0
jetty-9.2.11.v20150528
jetty-9.2.11.v20150529
jetty-9.2.12.M0
jetty-9.2.12.v20150709
jetty-9.2.13.v20150730
jetty-9.2.14.v20151106
jetty-9.2.15.v20160210
jetty-9.2.16.v20160414
jetty-9.2.17.v20160517
jetty-9.2.18.v20160721
jetty-9.2.19.v20160908
jetty-9.2.2.v20140723
jetty-9.2.20.v20161216
jetty-9.2.21.v20170120
jetty-9.2.22.v20170606
jetty-9.2.23.v20171218
jetty-9.2.24.v20180105
jetty-9.2.25.v20180606
jetty-9.2.26.v20180806
jetty-9.2.27.v20190403
jetty-9.2.28.v20190418
jetty-9.2.29.v20191105
jetty-9.2.3.v20140905
jetty-9.2.4.v20141103
jetty-9.2.5.v20141112
jetty-9.2.6.v20141203
jetty-9.2.6.v20141205
jetty-9.2.7.v20150116
jetty-9.2.8.v20150217
jetty-9.2.9.v20150224
jetty-9.3.0.M0
jetty-9.3.0.v20150612
jetty-9.3.1.v20150714
jetty-9.3.10.M0
jetty-9.3.10.v20160621
jetty-9.3.11.M0
jetty-9.3.11.v20160721
jetty-9.3.12.v20160915
jetty-9.3.13.M0
jetty-9.3.13.v20161014
jetty-9.3.14.v20161028
jetty-9.3.15.v20161220
jetty-9.3.16.v20170120
jetty-9.3.17.v20170317
jetty-9.3.18.v20170406
jetty-9.3.19.v20170502
jetty-9.3.20.v20170531
jetty-9.3.21.M0
jetty-9.3.21.v20170918
jetty-9.3.22.v20171030
jetty-9.3.23.v20180228
jetty-9.3.24.v20180605
jetty-9.3.25.v20180904
jetty-9.3.26.v20190403
jetty-9.3.27.v20190418
jetty-9.3.28.v20191105
jetty-9.3.3.v20150825
jetty-9.3.3.v20150827
jetty-9.3.4.v20151007
jetty-9.3.5.v20151012
jetty-9.3.6.v20151106
jetty-9.3.7.RC0
jetty-9.3.7.RC1
jetty-9.3.7.v20160115
jetty-9.3.8.RC0
jetty-9.3.8.v20160314
jetty-9.3.9.M1
jetty-9.3.9.v20160517
jetty-9.4.0.M1
jetty-9.4.0.RC0
jetty-9.4.0.RC1
jetty-9.4.0.RC2
jetty-9.4.0.RC3
jetty-9.4.0.v20161207
jetty-9.4.0.v20161208
jetty-9.4.1.v20170120
jetty-9.4.10.v20180503
jetty-9.4.11.v20180605
jetty-9.4.12.v20180830
jetty-9.4.13.v20181111
jetty-9.4.14.v20181114
jetty-9.4.15.v20190215
jetty-9.4.16.v20190411
jetty-9.4.17.v20190418
jetty-9.4.18.v20190429
jetty-9.4.19.v20190610
jetty-9.4.2.v20170220
jetty-9.4.20.v20190813
jetty-9.4.21.v20190926
jetty-9.4.22.v20191022
jetty-9.4.23.v20191118
jetty-9.4.24.v20191120
jetty-9.4.25.v20191220
jetty-9.4.26.v20200117
jetty-9.4.27.v20200227
jetty-9.4.28.v20200408
jetty-9.4.29.v20200521
jetty-9.4.3.v20170317
jetty-9.4.30.v20200611
jetty-9.4.31.v20200723
jetty-9.4.32.v20200930
jetty-9.4.4.v20170414
jetty-9.4.5.v20170502
jetty-9.4.6.v20170531
jetty-9.4.7.v20170914
jetty-9.4.8.v20171121
jetty-9.4.9.v20180320
npn-api-1.*
npn-api-1.0.0.v20120402
npn-api-1.1.0.v20120525
v0.*
v0.3.20141216
v0.3.20150109
v0.3.20150210
v0.3.20150211
v0.3.20150227
v0.3.20150326
v0.4.20150414
v0.4.20150602
v0.4.20150710
v0.4.20150727
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v2.*
v2.2.0
v2.2.0-RC1
v2.2.0-RC2
v2.2.0-RC3
v2.2.0-RC4
v2.21.0
v2.21.0-RC1
v2.22.0
v2.22.0-RC1
v2.23.0
v2.23.0-RC1
v2.23.0-RC2
v2.24.0
v2.24.0-RC1
v2.24.0-RC2
v2.24.0-RC3
v2.25.0
v2.25.0-RC1
v2.25.0-RC2

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0.0-alpha1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.9m0p2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.2.1"
            },
            {
                "last_affected": "8.2.2.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.5.0"
            },
            {
                "last_affected": "11.9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.2.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.5"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27216.json"