{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2020-27216","title":"Title"},{"category":"description","text":"In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2020-27216","url":"https://www.suse.com/security/cve/CVE-2020-27216"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1192159 for CVE-2020-27216","url":"https://bugzilla.suse.com/1192159"}],"title":"SUSE CVE CVE-2020-27216","tracking":{"current_release_date":"2025-08-30T23:50:25Z","generator":{"date":"2023-02-15T03:52:47Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2020-27216","initial_release_date":"2023-02-15T03:52:47Z","revision_history":[{"date":"2023-02-15T03:52:47Z","number":"2","summary":"Current version"},{"date":"2025-01-01T05:12:52Z","number":"3","summary":"Current version"},{"date":"2025-01-10T03:05:16Z","number":"4","summary":"Current version"},{"date":"2025-02-15T05:51:31Z","number":"5","summary":"Current version"},{"date":"2025-02-17T06:13:06Z","number":"6","summary":"Current version"},{"date":"2025-03-13T16:04:43Z","number":"7","summary":"Current version"},{"date":"2025-03-15T09:36:56Z","number":"8","summary":"Current version"},{"date":"2025-04-25T05:14:53Z","number":"9","summary":"Current version"},{"date":"2025-08-30T23:50:25Z","number":"10","summary":"Current version"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 7","product":{"name":"SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP2","product":{"name":"SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Development Tools 15 SP2","product":{"name":"SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-development-tools:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2","product":{"name":"SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp2"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.1","product":{"name":"SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.1"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.1","product":{"name":"SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.1"}}},{"category":"product_name","name":"SUSE Manager Server 4.1","product":{"name":"SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.1"}}},{"category":"product_version","name":"jetty-http","product":{"name":"jetty-http","product_id":"jetty-http","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-http@?upstream=jetty-minimal.src.rpm"}}},{"category":"product_version","name":"jetty-io","product":{"name":"jetty-io","product_id":"jetty-io","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-io@?upstream=jetty-minimal.src.rpm"}}},{"category":"product_version","name":"jetty-minimal","product":{"name":"jetty-minimal","product_id":"jetty-minimal","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-minimal@"}}},{"category":"product_version","name":"jetty-security","product":{"name":"jetty-security","product_id":"jetty-security","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-security@?upstream=jetty-minimal.src.rpm"}}},{"category":"product_version","name":"jetty-server","product":{"name":"jetty-server","product_id":"jetty-server","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-server@?upstream=jetty-minimal.src.rpm"}}},{"category":"product_version","name":"jetty-servlet","product":{"name":"jetty-servlet","product_id":"jetty-servlet","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-servlet@?upstream=jetty-minimal.src.rpm"}}},{"category":"product_version","name":"jetty-util","product":{"name":"jetty-util","product_id":"jetty-util","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-util@?upstream=jetty-minimal.src.rpm"}}},{"category":"product_version","name":"jetty-util-ajax","product":{"name":"jetty-util-ajax","product_id":"jetty-util-ajax","product_identification_helper":{"cpe":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/jetty-util-ajax@?upstream=jetty-minimal.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Linux Enterprise Server 15 SP2","product_id":"SUSE Linux Enterprise Server 15 SP2:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Linux Enterprise Desktop 15 SP2","product_id":"SUSE Linux Enterprise Desktop 15 SP2:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Linux Enterprise High Performance Computing 15 SP2","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Manager Server 4.1","product_id":"SUSE Manager Server 4.1:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Manager Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Manager Proxy 4.1","product_id":"SUSE Manager Proxy 4.1:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Manager Proxy 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Manager Retail Branch Server 4.1","product_id":"SUSE Manager Retail Branch Server 4.1:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.1"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"jetty-http as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-http"},"product_reference":"jetty-http","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-io as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-io"},"product_reference":"jetty-io","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-security as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-security"},"product_reference":"jetty-security","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-server as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-server"},"product_reference":"jetty-server","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-servlet as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-servlet"},"product_reference":"jetty-servlet","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util"},"product_reference":"jetty-util","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-util-ajax as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util-ajax"},"product_reference":"jetty-util-ajax","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"jetty-minimal as component of SUSE Linux Enterprise Module for Development Tools 15 SP2","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-minimal"},"product_reference":"jetty-minimal","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP2"}]},"vulnerabilities":[{"cve":"CVE-2020-27216","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-27216"}],"notes":[{"category":"general","text":"In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Enterprise Storage 7:jetty-http","SUSE Enterprise Storage 7:jetty-io","SUSE Enterprise Storage 7:jetty-minimal","SUSE Enterprise Storage 7:jetty-security","SUSE Enterprise Storage 7:jetty-server","SUSE Enterprise Storage 7:jetty-servlet","SUSE Enterprise Storage 7:jetty-util","SUSE Enterprise Storage 7:jetty-util-ajax","SUSE Linux Enterprise Desktop 15 SP2:jetty-http","SUSE Linux Enterprise Desktop 15 SP2:jetty-io","SUSE Linux Enterprise Desktop 15 SP2:jetty-minimal","SUSE Linux Enterprise Desktop 15 SP2:jetty-security","SUSE Linux Enterprise Desktop 15 SP2:jetty-server","SUSE Linux Enterprise Desktop 15 SP2:jetty-servlet","SUSE Linux Enterprise Desktop 15 SP2:jetty-util","SUSE Linux Enterprise Desktop 15 SP2:jetty-util-ajax","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-http","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-io","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-minimal","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-security","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-server","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-servlet","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-util","SUSE Linux Enterprise High Performance Computing 15 SP2:jetty-util-ajax","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-http","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-io","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-minimal","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-security","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-server","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-servlet","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util","SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util-ajax","SUSE Linux Enterprise Server 15 SP2:jetty-http","SUSE Linux Enterprise Server 15 SP2:jetty-io","SUSE Linux Enterprise Server 15 SP2:jetty-minimal","SUSE Linux Enterprise Server 15 SP2:jetty-security","SUSE Linux Enterprise Server 15 SP2:jetty-server","SUSE Linux Enterprise Server 15 SP2:jetty-servlet","SUSE Linux Enterprise Server 15 SP2:jetty-util","SUSE Linux Enterprise Server 15 SP2:jetty-util-ajax","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-http","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-io","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-minimal","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-security","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-server","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-servlet","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-util","SUSE Linux Enterprise Server for SAP Applications 15 SP2:jetty-util-ajax","SUSE Manager Proxy 4.1:jetty-http","SUSE Manager Proxy 4.1:jetty-io","SUSE Manager Proxy 4.1:jetty-minimal","SUSE Manager Proxy 4.1:jetty-security","SUSE Manager Proxy 4.1:jetty-server","SUSE Manager Proxy 4.1:jetty-servlet","SUSE Manager Proxy 4.1:jetty-util","SUSE Manager Proxy 4.1:jetty-util-ajax","SUSE Manager Retail Branch Server 4.1:jetty-http","SUSE Manager Retail Branch Server 4.1:jetty-io","SUSE Manager Retail Branch Server 4.1:jetty-minimal","SUSE Manager Retail Branch Server 4.1:jetty-security","SUSE Manager Retail Branch Server 4.1:jetty-server","SUSE Manager Retail Branch Server 4.1:jetty-servlet","SUSE Manager Retail Branch Server 4.1:jetty-util","SUSE Manager Retail Branch Server 4.1:jetty-util-ajax","SUSE Manager Server 4.1:jetty-http","SUSE Manager Server 4.1:jetty-io","SUSE Manager Server 4.1:jetty-minimal","SUSE Manager Server 4.1:jetty-security","SUSE Manager Server 4.1:jetty-server","SUSE Manager Server 4.1:jetty-servlet","SUSE Manager Server 4.1:jetty-util","SUSE Manager Server 4.1:jetty-util-ajax"]},"references":[{"category":"external","summary":"CVE-2020-27216","url":"https://www.suse.com/security/cve/CVE-2020-27216"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1192159 for CVE-2020-27216","url":"https://bugzilla.suse.com/1192159"}],"threats":[{"category":"impact","date":"2020-10-23T21:03:28Z","details":"important"}],"title":"CVE-2020-27216"}]}