In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
XmlParser is vulnerable to XML external entity (XXE) vulnerability.
XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the WAR includes a malicious web.xml. The vulnerability is patched in versions 10.0.16, 11.0.16, and 12.0.0.
Vulnerable Library - jetty-webapp-9.4.3.v20170317.jar
Jetty web application support
Library home page: https://webtide.com
Path to dependency file: /nifi-nar-bundles/nifi-jetty-bundle/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/eclipse/jetty/jetty-webapp/9.4.3.v20170317/jetty-webapp-9.4.3.v20170317.jar
Found in HEAD commit: 0707e245fb382da58db8bb8ec5ccff5d9ae55c39
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-27216
### Vulnerable Library - jetty-webapp-9.4.3.v20170317.jarJetty web application support
Library home page: https://webtide.com
Path to dependency file: /nifi-nar-bundles/nifi-jetty-bundle/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/eclipse/jetty/jetty-webapp/9.4.3.v20170317/jetty-webapp-9.4.3.v20170317.jar
Dependency Hierarchy: - :x: **jetty-webapp-9.4.3.v20170317.jar** (Vulnerable Library)
Found in HEAD commit: 0707e245fb382da58db8bb8ec5ccff5d9ae55c39
Found in base branch: master
### Vulnerability DetailsIn Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
Publish Date: 2020-10-23
URL: CVE-2020-27216
### CVSS 3 Score Details (7.0)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
Release Date: 2020-10-23
Fix Resolution: 9.4.33.v20201020
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.WS-2023-0236
### Vulnerable Library - jetty-xml-9.4.3.v20170317.jarThe jetty xml utilities.
Library home page: https://webtide.com
Path to dependency file: /nifi-nar-bundles/nifi-jetty-bundle/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/eclipse/jetty/jetty-xml/9.4.3.v20170317/jetty-xml-9.4.3.v20170317.jar
Dependency Hierarchy: - jetty-webapp-9.4.3.v20170317.jar (Root Library) - :x: **jetty-xml-9.4.3.v20170317.jar** (Vulnerable Library)
Found in HEAD commit: 0707e245fb382da58db8bb8ec5ccff5d9ae55c39
Found in base branch: master
### Vulnerability DetailsXmlParser is vulnerable to XML external entity (XXE) vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the WAR includes a malicious web.xml. The vulnerability is patched in versions 10.0.16, 11.0.16, and 12.0.0.
Publish Date: 2023-07-10
URL: WS-2023-0236
### CVSS 3 Score Details (3.9)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: High - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-58qw-p7qm-5rvh
Release Date: 2023-07-10
Fix Resolution (org.eclipse.jetty:jetty-xml): 9.4.52.v20230823
Direct dependency fix Resolution (org.eclipse.jetty:jetty-webapp): 9.4.39.v20210325
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.