GHSA-g3wg-6mcf-8jj6 · Severity: high · Ecosystem: maven — Local Temp Directory Hijacking Vulnerability
In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
Conclusion & alert: CVE-2020-27216 is rated Exploit Available (52/100): CVSS High severity, with low exploitation likelihood (EPSS 0.09%). Core evidence: 2 public exploit references are indexed (Exploit-DB). Mandatory action: public exploits are available; assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | — | Exploit-DB ↗ |
| — | nvd_ref | exploit_tag | — | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-03-04 | 0.03% | 0.09% | +0.06% |
| 2 | 2026-03-01 | 0.07% | 0.03% | -0.04% |
| 3 | 2026-02-04 | — | 0.07% | — |
Full EPSS history (45 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.0 | 3.1 | HIGH | — | 1.0 | 5.9 | [email protected] |
| 4.4 | 2.0 | MEDIUM | — | 3.4 | 6.4 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2020-27216 not yet assigned priority: Debian including 1 source package (jetty9), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2020-27216 |
| redhat | medium | — | https://access.redhat.com/security/cve/CVE-2020-27216 |
| ubuntu | medium | CVE-2020-27216 medium priority: Ubuntu including 3 source packages (jetty, jetty8, jetty9), 48 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 27, not-affected 10, needs-triage 9, ignored 1, released 1. | https://ubuntu.com/security/CVE-2020-27216 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| eclipse | jetty | >= 1.0, < 9.3.29 | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
| eclipse | jetty | >= 9.4.0, <= 9.4.32 | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
| eclipse | jetty | 10.0.0 | cpe:2.3:a:eclipse:jetty:10.0.0:alpha1:*:*:*:*:*:* |
| eclipse | jetty | 10.0.0 | cpe:2.3:a:eclipse:jetty:10.0.0:beta0:*:*:*:*:*:* |
| eclipse | jetty | 10.0.0 | cpe:2.3:a:eclipse:jetty:10.0.0:beta1:*:*:*:*:*:* |
| eclipse | jetty | 10.0.0 | cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:* |
| eclipse | jetty | 11.0.0 | cpe:2.3:a:eclipse:jetty:11.0.0:alpha1:*:*:*:*:*:* |
| eclipse | jetty | 11.0.0 | cpe:2.3:a:eclipse:jetty:11.0.0:beta1:*:*:*:*:*:* |
| eclipse | jetty | 11.0.0 | cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:* |
| netapp | snap_creator_framework | — | cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* |
| netapp | snapcenter | — | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
| netapp | vasa_provider | >= 7.2 | cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:* |
| netapp | virtual_storage_console | >= 7.2 | cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:* |
| netapp | storage_replication_adapter | >= 7.2 | cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:clustered_data_ontap:*:* |
| oracle | communications_application_session_controller | 3.9m0p2 | cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:* |
| oracle | communications_converged_application_server_-_service_controller | 6.2 | cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:* |
| oracle | communications_element_manager | >= 8.2.1, <= 8.2.2.1 | cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 | cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* |
| oracle | communications_pricing_design_center | 12.0.0.3.0 | cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* |
| oracle | communications_services_gatekeeper | 7.0 | cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* |
| oracle | flexcube_core_banking | >= 11.5.0, <= 11.9.0 | cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* |
| oracle | flexcube_private_banking | 12.0.0 | cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* |
| oracle | flexcube_private_banking | 12.1.0 | cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* |
| oracle | jd_edwards_enterpriseone_tools | < 9.2.6.0 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* |
| oracle | siebel_core_-_automation | <= 21.5 | cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:* |
| apache | beam | 2.21.0 | cpe:2.3:a:apache:beam:2.21.0:*:*:*:*:*:*:* |
| apache | beam | 2.22.0 | cpe:2.3:a:apache:beam:2.22.0:*:*:*:*:*:*:* |
| apache | beam | 2.23.0 | cpe:2.3:a:apache:beam:2.23.0:*:*:*:*:*:*:* |
| apache | beam | 2.24.0 | cpe:2.3:a:apache:beam:2.24.0:*:*:*:*:*:*:* |
| apache | beam | 2.25.0 | cpe:2.3:a:apache:beam:2.25.0:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |