{ "threat_severity" : "Moderate", "public_date" : "2020-10-22T00:00:00Z", "bugzilla" : { "description" : "jetty: local temporary directory hijacking vulnerability", "id" : "1891132", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1891132" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-377", "details" : [ "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability." ], "statement" : "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "affected_release" : [ { "product_name" : "Red Hat AMQ", "release_date" : "2020-12-08T00:00:00Z", "advisory" : "RHSA-2020:5365", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat AMQ LTS 7.4.6", "release_date" : "2021-02-02T00:00:00Z", "advisory" : "RHSA-2021:0329", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "jetty", "impact" : "low" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-1:4.17-6.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-ant-0:1.10.9-1.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-antlr32-0:3.2-28.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-apache-sshd-1:2.4.0-5.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-apiguardian-0:1.1.0-6.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-args4j-0:2.33-12.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-batik-0:1.13-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-bouncycastle-0:1.67-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-cbi-plugins-0:1.1.7-8.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-decentxml-0:1.4-24.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-ecj-1:4.17-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-1:4.17-2.2.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-ecf-0:3.14.17-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-egit-0:5.9.0-1.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-emf-1:2.23.0-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-gef-0:3.11.0-14.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-jgit-0:5.9.0-1.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-license-0:2.0.2-2.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-m2e-core-0:1.16.2-3.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-m2e-workspace-0:0.4.0-16.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-mpc-0:1.8.4-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-pydev-1:8.0.0-1.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-subclipse-0:4.3.0-8.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-eclipse-webtools-0:3.19.0-1.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-ed25519-java-0:0.3.0-8.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-felix-gogo-command-0:1.0.2-12.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-felix-gogo-parent-0:4-6.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-felix-gogo-runtime-0:1.1.0-8.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-felix-gogo-shell-0:1.1.0-6.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-felix-scr-0:2.1.16-7.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-javaewah-0:1.1.6-10.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-javaparser-0:3.14.16-1.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jchardet-0:1.1-23.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jctools-0:3.1.0-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jetty-0:9.4.33-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jffi-0:1.2.23-2.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jgit-0:5.9.0-1.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jna-0:5.4.0-7.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jnr-constants-0:0.9.12-7.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jnr-ffi-0:2.1.8-9.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jnr-netdb-0:1.1.6-11.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jnr-posix-0:3.0.47-7.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jnr-x86asm-0:1.0.2-22.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jsch-agent-proxy-0:0.0.8-14.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-junit5-0:5.7.0-1.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jython-0:2.7.1-14.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-jzlib-0:1.1.3-15.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-lucene-0:8.6.3-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-maven-archetype-0:3.2.0-1.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-maven-indexer-0:6.0.0-5.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-netty-0:4.1.51-1.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-objectweb-asm-0:8.0.1-1.2.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-opentest4j-0:1.2.0-4.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-os-maven-plugin-0:1.6.2-2.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-sac-0:1.3-34.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-sat4j-0:2.3.5-20.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-sequence-library-0:1.0.3-8.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-sqljet-0:1.1.10-18.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-stringtemplate-0:3.2.1-24.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-svnkit-1:1.8.12-9.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-takari-polyglot-0:0.4.5-2.1.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-trilead-ssh2-0:217.21-3.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-tycho-0:1.7.0-2.5.el7_9" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-univocity-parsers-0:2.9.0-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-ws-commons-util-0:1.0.2-14.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-xmlgraphics-commons-0:2.4-1.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-xml-maven-plugin-0:1.0.2-7.1.el7" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2020-11-23T00:00:00Z", "advisory" : "RHSA-2020:5168", "cpe" : "cpe:/a:redhat:devtools:2020", "package" : "rh-eclipse-xmlrpc-1:3.1.3-27.1.el7" }, { "product_name" : "Red Hat Fuse 7.9", "release_date" : "2021-08-11T00:00:00Z", "advisory" : "RHSA-2021:3140", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "jetty" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-operator-bundle:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2021-06-30T00:00:00Z", "advisory" : "RHSA-2021:2517", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "jenkins-0:2.289.1.1624365627-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-07-02T00:00:00Z", "advisory" : "RHSA-2021:2431", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "jenkins-0:2.277.3.1623846768-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.6", "release_date" : "2021-06-29T00:00:00Z", "advisory" : "RHSA-2021:2499", "cpe" : "cpe:/a:redhat:openshift:4.6::el8", "package" : "jenkins-0:2.277.3.1623853726-1.el8" } ], "package_state" : [ { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "jetty-eclipse", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "jetty", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "jetty", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-metering-hadoop", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-metering-hive", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-27216\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27216\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053" ], "name" : "CVE-2020-27216", "mitigation" : { "value" : "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.", "lang" : "en:us" }, "csaw" : false }