How severe is CVE-2020-27216?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2020-27216?

This is classified as CWE-378, which is a common weakness in software security.

CVE-2020-27216 - HIGH Severity | CVSS 7

Vulnerability Description

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Related Vulnerabilities

CVE-2021-21363

HIGH

CVSS:7.0(High)

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger defin...

CWE-3782021

CVE-2023-6917

MEDIUM

CVSS:6.7(Medium)

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate...

CWE-3782023

CVE-2025-32979

MEDIUM

CVSS:6.5(Medium)

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.

CWE-3782025

CVE-2016-9485

HIGH

CVSS:7.8(High)

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration i...

CWE-3782016

CVE-2021-1426

HIGH

CVSS:7.8(High)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executabl...

CWE-3782021

CVE-2021-1427

HIGH

CVSS:7.8(High)

CWE-3782021