CVE-2020-17521

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

pache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

References

Link	Resource
https://groovy-lang.org/security.html#CVE-2020-17521	Third Party Advisory
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
https://security.netapp.com/advisory/ntap-20201218-0006/	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://groovy-lang.org/security.html#CVE-2020-17521	Third Party Advisory
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
https://security.netapp.com/advisory/ntap-20201218-0006/	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:groovy::::::::
	cpe:2.3:a:apache:groovy::::::::
	cpe:2.3:a:apache:groovy::::::::
	cpe:2.3:a:apache:groovy:4.0.0:alpha1::::::

Configuration 2 (hide)

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.3:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:agile_plm_mcad_connector:3.4:::::::*
	cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:::::::*
	cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:::::::*
	cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:::::::*
	cpe:2.3:a:oracle:hospitality_opera_5:5.6:::::::*
	cpe:2.3:a:oracle:ilearning:6.2:::::::*
	cpe:2.3:a:oracle:ilearning:6.3:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration::::::::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.6.0:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:::::::*
	cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:::::::*
	cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.10:::::::*
	cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.5:::::::*
	cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.5:::::::*

Configuration 4 (hide)

cpe:2.3:a:apache:atlas:2.1.0:-:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type	Values Removed	Values Added
References	~~() https://groovy-lang.org/security.html#CVE-2020-17521 - Third Party Advisory~~	() https://groovy-lang.org/security.html#CVE-2020-17521 - Third Party Advisory
References	~~() https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E -~~	() https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E -
References	~~() https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E -~~	() https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E -
References	~~() https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E -~~	() https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E -
References	~~() https://security.netapp.com/advisory/ntap-20201218-0006/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20201218-0006/ - Third Party Advisory
References	~~() https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory~~	() https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory

Information

Published : 2020-12-07 20:15

Updated : 2024-11-21 05:08

NVD link : CVE-2020-17521

Mitre link : CVE-2020-17521

CVE.ORG link : CVE-2020-17521

JSON object : View

Products Affected

oracle

apache

groovy
atlas

netapp

snapcenter

CWE

NVD-CWE-Other

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-17521

5.5^/10

2.1^/10

Attach tags to `CVE-2020-17521`