CVE-2020-27216

Description

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Related CPE's

aeclipsejetty11.0.0alpha1******

aeclipsejetty11.0.0beta1******

aeclipsejetty11.0.0beta2******

aeclipsejetty10.0.0beta1******

aeclipsejetty10.0.0beta2******

aeclipsejetty10.0.0beta0******

aeclipsejetty10.0.0alpha1******

aeclipsejetty********

aeclipsejetty********

anetappsnap_creator_framework-*******

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921

ExploitPatchVendor Advisory

https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053

ExploitMitigationThird Party Advisory

[shiro-commits] 20201104 [GitHub] [shiro] coheigea opened a new pull request #262: Update Jetty to 9.4.33.v20201020 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[directory-commits] 20201104 [directory-server] branch master updated: Updating Jetty to 9.4.33 to fix CVE-2020-27216

Mailing ListPatchThird Party Advisory

[kafka-jira] 20201104 [GitHub] [kafka] niteshmor opened a new pull request #9556: MINOR: Update jetty to 9.4.33

Mailing ListThird Party Advisory

[shiro-commits] 20201104 [shiro] branch master updated: Update Jetty to 9.4.33.v20201020 to fix CVE-2020-27216

Mailing ListPatchThird Party Advisory

[shiro-commits] 20201104 [GitHub] [shiro] fpapon merged pull request #262: Update Jetty to 9.4.33.v20201020 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[druid-commits] 20201106 [GitHub] [druid] suneet-s opened a new pull request #10563: Bump jetty to latest version

Mailing ListThird Party Advisory

[beam-issues] 20201110 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20201123-0005/

Third Party Advisory

[zookeeper-dev] 20201123 Owasp test failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-issues] 20201123 [jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201123 [GitHub] [zookeeper] anmolnar opened a new pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-dev] 20201123 Re: Owasp test failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-issues] 20201123 [jira] [Updated] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-dev] 20201123 [jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201123 [GitHub] [zookeeper] anmolnar commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201123 [GitHub] [zookeeper] ztzg commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201123 [GitHub] [zookeeper] eolivelli commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201124 [GitHub] [zookeeper] anmolnar commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201124 [GitHub] [zookeeper] anmolnar edited a comment on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-notifications] 20201124 [GitHub] [zookeeper] asfgit closed pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-commits] 20201124 [zookeeper] branch master updated: ZOOKEEPER-4017: Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListPatchThird Party Advisory

[zookeeper-commits] 20201124 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4017: Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListPatchThird Party Advisory

[zookeeper-issues] 20201124 [jira] [Resolved] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-commits] 20201124 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4017: Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListPatchThird Party Advisory

[zookeeper-notifications] 20201124 [GitHub] [zookeeper] nkalmar commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-issues] 20201124 [jira] [Updated] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[felix-dev] 20201125 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #63: FELIX-6364 Security vulnerability CVE-2020-27216 ,update jetty

Mailing ListThird Party Advisory

[felix-dev] 20201125 [jira] [Created] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty

Mailing ListThird Party Advisory

[felix-dev] 20201125 [jira] [Updated] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty

Mailing ListThird Party Advisory

[felix-dev] 20201125 [jira] [Assigned] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty

Mailing ListThird Party Advisory

[felix-dev] 20201125 [jira] [Resolved] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty

Mailing ListThird Party Advisory

[felix-dev] 20201125 [GitHub] [felix-dev] cziegeler merged pull request #63: FELIX-6364 Security vulnerability CVE-2020-27216 ,update jetty

Mailing ListThird Party Advisory

[felix-commits] 20201125 [felix-dev] branch master updated: FELIX-6364 Security vulnerability CVE-2020-27216 , update jetty (#63)

Mailing ListPatchThird Party Advisory

[zookeeper-dev] 20201205 [jira] [Created] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Mailing ListThird Party Advisory

[zookeeper-issues] 20201205 [jira] [Assigned] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-issues] 20201205 [jira] [Created] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

Mailing ListThird Party Advisory

[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0

Mailing ListThird Party Advisory

[beam-issues] 20201211 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20201211 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list

Mailing ListThird Party Advisory

[beam-issues] 20201218 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20201218 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20201218 [jira] [Assigned] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

PatchThird Party Advisory

[beam-issues] 20210126 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210127 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210219 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210219 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210219 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210220 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210220 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210222 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210223 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210223 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210223 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210302 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210302 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[iotdb-reviews] 20210303 [GitHub] [iotdb] wangchao316 commented on pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216

Mailing ListThird Party Advisory

[iotdb-notifications] 20210303 [jira] [Created] (IOTDB-1181) Upgrade jetty jar to fix CVE-2020-27216

Mailing ListThird Party Advisory

[iotdb-reviews] 20210303 [GitHub] [iotdb] wangchao316 opened a new pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210303 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210303 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210303 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210304 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210305 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210305 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[iotdb-commits] 20210308 [iotdb] branch master updated: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216

Mailing ListThird Party Advisory

[iotdb-reviews] 20210308 [GitHub] [iotdb] jixuan1989 commented on pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216

Mailing ListThird Party Advisory

[iotdb-reviews] 20210308 [GitHub] [iotdb] jixuan1989 merged pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210308 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210309 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes

Mailing ListThird Party Advisory

[beam-issues] 20210310 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210310 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210311 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210311 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210311 [jira] [Assigned] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210312 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210312 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210312 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210312 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210312 [jira] [Assigned] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210313 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210315 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210315 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210315 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210316 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210316 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210322 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210322 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210323 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210324 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210325 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210326 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210327 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210329 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210330 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210331 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210402 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210402 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210405 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210406 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210407 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210408 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210409 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210409 [jira] [Reopened] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210409 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210410 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210410 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210415 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210416 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210422 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210423 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210426 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210510 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210510 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210511 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210512 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210513 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update

Mailing ListThird Party Advisory

[beam-issues] 20210514 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210517 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210519 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210520 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210520 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210521 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210524 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210525 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210525 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210526 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[beam-issues] 20210526 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216

Mailing ListThird Party Advisory

[knox-dev] 20210601 [jira] [Created] (KNOX-2615) Upgrade to jetty-webapp.9.4.33 due to CVE-2020-27216

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

PatchThird Party Advisory

N/A

PatchThird Party Advisory

DSA-4949

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Not ApplicableThird Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7

VectorString

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

4.400000095367432

VectorString

AV:L/AC:M/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io