CVSS2: 2.1 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 29.4%

Apache Groovy provides extension methods to aid with creating temporary
directories. Prior to this fix, Groovy’s implementation of those extension
methods was using a now superseded Java JDK method call that is potentially
not secure on some operating systems in some contexts. Users not using the
extension methods mentioned in the advisory are not affected, but may wish
to read the advisory for further details. Versions Affected: 2.0 to 2.4.20,
2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions
2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21)
groovy-lang.org/security.html#CVE-2020-17521
issues.apache.org/jira/browse/GROOVY-9824
launchpad.net/bugs/cve/CVE-2020-17521
lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-17521
security-tracker.debian.org/tracker/CVE-2020-17521
www.cve.org/CVERecord?id=CVE-2020-17521
www.openwall.com/lists/oss-security/2020/12/06/1