In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems the system temporary directory (typically /tmp) is shared between all users on the host. A co-located local user can observe Jetty creating a temporary subdirectory in that shared directory and race to create the subdirectory first. If the attacker wins the race, they own the subdirectory Jetty uses to unpack web applications and therefore have read and write access to its contents, including the WEB-INF/lib jar files and JSP files. If any code is ever loaded or executed from this temporary directory, this can lead to local privilege escalation to the account running Jetty.
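The race class described above, reduced to plain filesystem calls as an added example (not Jetty's code and not its actual fix): a predictable work-directory path created with "exist ok" semantics is silently reused if an attacker planted it first, whereas an unpredictable name created exclusively with mode 0700 and then checked for ownership and permissions is not. Function names, the `jetty-<app>` path convention and the simulated attacker are assumptions for the demo; because a demo cannot switch users, the "attacker" runs as the same uid and the defence that fires is the world-writable check.

```python
#!/usr/bin/env python3
"""Shared-temp-directory race: vulnerable vs. hardened work-dir creation.

Added example, not Jetty's own code. The 'victim' wants a work directory under
a base that other users can write to (e.g. /tmp). If it uses a predictable
name and tolerates the directory already existing, whoever created that path
first owns it and can read or replace anything unpacked into it.
"""
import os
import stat
import tempfile


class UnsafeWorkDir(Exception):
    """Raised when a work directory fails the ownership/permission check."""


def unsafe_work_dir(base: str, app_name: str) -> str:
    """Vulnerable pattern (assumed path convention): predictable name, and the
    pre-existing directory is silently reused, so the first creator controls it."""
    path = os.path.join(base, f"jetty-{app_name}")
    os.makedirs(path, exist_ok=True)   # no error if the attacker won the race
    return path


def verify_private_dir(path: str) -> bool:
    """Check that `path` is a real directory we own that nobody else can write.
    lstat is used so a symlink planted at the path is rejected, not followed."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeWorkDir(f"{path} is not a directory (symlink planted?)")
    if st.st_uid != os.getuid():
        raise UnsafeWorkDir(f"{path} is owned by uid {st.st_uid}, not us")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeWorkDir(f"{path} is group/world writable")
    return True


def safe_work_dir(base: str, app_name: str) -> str:
    """Hardened pattern: random suffix, exclusive create with mode 0700
    (mkdtemp), then verification. A pre-existing directory is never reused."""
    path = tempfile.mkdtemp(prefix=f"jetty-{app_name}-", dir=base)
    verify_private_dir(path)
    return path


def simulate_race(base: str, app_name: str = "webapp") -> dict:
    """Constructed scenario: the 'attacker' pre-creates the predictable path as
    world-writable (same uid, since a demo cannot switch users), then the victim
    runs both patterns. Returns what each pattern did."""
    planted = os.path.join(base, f"jetty-{app_name}")
    os.mkdir(planted)
    os.chmod(planted, 0o777)           # attacker-controlled, world-writable

    unsafe = unsafe_work_dir(base, app_name)
    try:
        verify_private_dir(unsafe)
        unsafe_check_passed = True
    except UnsafeWorkDir:
        unsafe_check_passed = False

    safe = safe_work_dir(base, app_name)
    return {
        "unsafe_reused_planted": unsafe == planted,   # attacker's dir reused
        "unsafe_check_passed": unsafe_check_passed,    # check would have caught it
        "safe_is_planted": safe == planted,            # never the attacker's dir
        "safe_mode": stat.S_IMODE(os.lstat(safe).st_mode),
    }


def run_demo() -> dict:
    """Run the scenario inside a throwaway directory standing in for /tmp."""
    with tempfile.TemporaryDirectory() as shared_tmp:
        return simulate_race(shared_tmp)


if __name__ == "__main__":
    print(run_demo())
```

The same ownership and permission check is the one an operator can apply by hand to an existing deployment: if Jetty's work directory lives under the shared /tmp, confirm it is owned by the Jetty account, is not a symlink, and is not group- or world-writable; the more robust fix is to point the work directory somewhere not shared with other users at all.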
| Vulnerable Product |
|---|
| eclipse jetty 11.0.0 |
| eclipse jetty 10.0.0 |
| eclipse jetty |
| netapp snap creator framework |
| netapp snapcenter |
| netapp vasa provider |
| netapp virtual storage console |
| netapp storage replication adapter |
| oracle flexcube private banking 12.1.0 |
| oracle flexcube private banking 12.0.0 |
| oracle communications offline mediation controller 12.0.0.3.0 |
| oracle communications services gatekeeper 7.0 |
| oracle communications element manager |
| oracle flexcube core banking |
| oracle communications application session controller 3.9m0p2 |
| oracle communications pricing design center 12.0.0.3.0 |
| oracle jd edwards enterpriseone tools |
| oracle communications converged application server - service controller 6.2 |
| oracle siebel core - automation |
| apache beam 2.21.0 |
| apache beam 2.22.0 |
| apache beam 2.23.0 |
| apache beam 2.24.0 |
| apache beam 2.25.0 |
| debian debian linux 9.0 |
| debian debian linux 10.0 |