CVE-2020-17521

Published Dec 7, 2020

Last updated a year ago

CVSS medium 5.5

Overview

Description: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "456A1063-1BEE-435C-8767-0A994A1E4F9E",
            "versionEndIncluding": "2.4.20",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3AA8344-EDA5-4DD3-8A06-0AA3588420E5",
            "versionEndIncluding": "2.5.13",
            "versionStartIncluding": "2.5.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC0AC067-60A2-4A32-9A4A-0C24F8BE9D7B",
            "versionEndIncluding": "3.0.6",
            "versionStartIncluding": "3.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:groovy:4.0.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A1B3EB0-63AD-41DA-920E-5DF8BCF6217A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"
          },
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C80E730D-EE38-4E85-A9F8-86D7F44A8488"
          },
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0C0714E-4255-4095-B26C-70EB193B8F98"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0971C780-60F9-4272-9D97-686896F9983A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A4D2E02-D02C-43F0-9A5A-DE359112C8F3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA4E8A1E-FBB5-4EAC-9A7F-6FE95A1B5F60"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3287751-9F54-4806-81D2-E28A42DF1407"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138"
          },
          {
            "criteria": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D361A9A8-15B0-4527-868B-80998772F2AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A667A37-59EB-4539-ADCA-D5F789DB6744"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
            "versionEndIncluding": "11.3.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEEAC2F0-2FD4-455B-BA9E-29F04A060C65"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "890D7B8E-772C-4CB3-B208-ADFB0A1D7AD5",
            "versionEndIncluding": "17.12.10",
            "versionStartIncluding": "17.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "254D8CE1-E821-44A6-9CAF-03D03986478B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C5D2391-A8AD-4593-939D-80A6A5839C0E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA07EE18-15DE-4846-AADD-A3AC055DA94B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F01362F-FF62-45EB-91E2-AF4D05011837"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:atlas:2.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4223F0EE-9464-4CAA-9745-BDC5402A02F5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References