CVSS2: 2.1 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 29.4%

Severity: High
Date : 2021-03-25
CVE-ID : CVE-2020-17521
Package : groovy
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-1325
The package groovy before version 2.5.14-1 is vulnerable to privilege
escalation.
Upgrade to 2.5.14-1.
The problem has been fixed upstream in version 2.5.14.
Workaround : None.
Groovy before version 2.5.14 may create temporary directories within
the OS temporary directory which is shared between all users on
affected systems. Groovy will create such directories for internal use
when producing Java Stubs or on behalf of user code via two extension
methods for creating temporary directories. If Groovy user code uses
either of these extension methods, and stores executable code in the
resulting temporary directory, this can lead to local privilege
escalation. If such Groovy code is making use of the temporary
directory to store sensitive information, such information could be
exposed or modified.
A local attacker is able to obtain and modify sensitive information in
Groovy temporary directories leading to privilege escalation if
executable code is stored.
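For code that needs a private working directory under the shared temporary directory, the sketch below (an added example, not code from this advisory or from Groovy) creates it with owner-only permissions through java.nio.file and reports any group or other permission bits on an existing directory. The class name, the method names and the "app-" prefix are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public class PrivateTempDir {  // hypothetical class name
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");
    private static final boolean POSIX =
            FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    /** Creates a directory under java.io.tmpdir that only its owner can enter, list or write. */
    static Path createPrivateTempDir(String prefix) throws IOException {
        if (!POSIX) {
            // No POSIX mode bits on this file system: fall back to the JDK defaults.
            return Files.createTempDirectory(prefix);
        }
        // The mode is applied when the directory is created, so it is never
        // visible with wider permissions, not even briefly.
        return Files.createTempDirectory(prefix,
                PosixFilePermissions.asFileAttribute(OWNER_ONLY));
    }

    /** Returns the permission bits granted to group or others; empty means owner-only. */
    static Set<PosixFilePermission> exposedBits(Path dir) throws IOException {
        Set<PosixFilePermission> perms = EnumSet.noneOf(PosixFilePermission.class);
        perms.addAll(Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS));
        perms.removeAll(OWNER_ONLY);
        return perms;
    }

    public static void main(String[] args) throws IOException {
        Path hardened = createPrivateTempDir("app-");  // "app-" is a constructed prefix
        System.out.println(hardened + " created");
        if (POSIX) {
            // Constructed contrast case: the mode a plain mkdir gets under umask 022.
            Path weak = Files.createDirectory(hardened.resolve("weak"));
            Files.setPosixFilePermissions(weak, PosixFilePermissions.fromString("rwxr-xr-x"));
            System.out.println("hardened exposes: " + exposedBits(hardened));
            System.out.println("weak exposes:     " + exposedBits(weak));
            Files.delete(weak);
        }
        Files.delete(hardened);
    }
}
```

Any non-empty result from `exposedBits` on a directory that holds executable code or sensitive data means other local users can reach it.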
https://bugs.archlinux.org/task/68865
https://issues.apache.org/jira/browse/GROOVY-9824
https://github.com/apache/groovy/commit/98dc5d713926cd81b006c510a1546ccd520fe17f
https://security.archlinux.org/CVE-2020-17521