camunda / camunda-bpm-platform

Flexible framework for workflow and decision automation with BPMN and DMN. Integration with Quarkus, Spring, Spring Boot, CDI.
https://camunda.com/
Apache License 2.0

Local Temp Directory Hijacking Vulnerability #4284

Closed rama280290 closed 3 months ago

rama280290 commented 3 months ago

Upgrade org.eclipse.jetty:jetty-webapp to version 9.4.33.v20201020 or later.

On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

https://github.com/camunda/camunda-bpm-platform/blob/-/webapps/pom.xml
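The race described in the report is a general Unix hazard, not something specific to Jetty: whoever completes `mkdir` first owns the directory, and a consumer that then trusts the name without checking it will unpack into the other party's directory. The added example below is not code from the issue, from Camunda or from Jetty; it shows, in Python, the defensive pattern a container or any unpacking code should follow: create the directory with an unpredictable name and mode 0700, let `mkdir` fail rather than reuse an existing name, and verify with `lstat` that the result is a real directory owned by the current user with no group/other access. The `demo()` helper and the planted directory and symlink it constructs are assumptions made up for illustration; it assumes a POSIX system.

```python
import os
import secrets
import stat
import tempfile
from typing import Optional


def verify_private_dir(path: str, expected_uid: Optional[int] = None) -> bool:
    """Return True only if path is a real directory (not a symlink), owned by
    expected_uid (default: the current user) and with no group/other bits set.
    This is the check to run before unpacking anything into a shared-tmp subdir."""
    uid = os.getuid() if expected_uid is None else expected_uid
    try:
        st = os.lstat(path)  # lstat, not stat: a symlink planted at this name must not be followed
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != uid:
        return False  # someone else won the race and owns this directory
    if stat.S_IMODE(st.st_mode) & 0o077:
        return False  # readable or writable by group/other: contents could be tampered with
    return True


def make_private_dir(path: str) -> str:
    """Atomically create path with mode 0700. mkdir never follows a symlink at the
    final component and raises FileExistsError if the name is already taken, so a
    pre-created directory or symlink is rejected instead of silently reused."""
    os.mkdir(path, 0o700)
    if not verify_private_dir(path):
        raise PermissionError(f"{path} is not a private directory owned by this user")
    return path


def create_private_tempdir(base: str, prefix: str = "unpack-") -> str:
    """Create a fresh private subdirectory under base using an unguessable name.
    Retries on collision; never falls back to an existing directory."""
    for _ in range(8):
        candidate = os.path.join(base, prefix + secrets.token_hex(16))
        try:
            return make_private_dir(candidate)
        except FileExistsError:
            continue
    raise RuntimeError("could not create a fresh private directory under " + base)


def demo() -> dict:
    """Exercise the helpers in a throwaway base directory and return the outcomes.
    The planted directory and symlink are constructed here to simulate what a
    colocated user could leave behind in a shared temp directory."""
    base = tempfile.mkdtemp(prefix="demo-")
    good = create_private_tempdir(base)

    # Constructed: a world-writable directory another user created at a guessable name.
    planted = os.path.join(base, "unpack-planted")
    os.mkdir(planted)
    os.chmod(planted, 0o777)
    try:
        make_private_dir(planted)
        claimed_planted = True
    except FileExistsError:
        claimed_planted = False  # correct outcome: refuse the pre-existing name

    # Constructed: a symlink planted at the name the unpacker might use.
    link = os.path.join(base, "unpack-link")
    os.symlink(good, link)

    return {
        "good_ok": verify_private_dir(good),          # True
        "planted_ok": verify_private_dir(planted),    # False: mode 0777
        "claimed_planted": claimed_planted,           # False: mkdir raised FileExistsError
        "link_ok": verify_private_dir(link),          # False: symlink, not a directory
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The important design choice is that the name is decided and the directory created in one `mkdir` call with the final mode already set, then verified with `lstat` rather than `stat`; checking first and creating afterwards would reintroduce exactly the window the report describes.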

mboskamp commented 3 months ago

Hi @rama280290, thank you for contacting us. Please refer to https://camunda.com/trust-center/reporting-vulnerabilities/ for how to open security reports. Please also make sure to always add links to CVE numbers or official documentation about the vulnerability.

Assuming that you are referring to CVE-2020-27216, I already created a ticket in our vulnerability tracker. I can confirm that Camunda Platform 7 is not affected as Jetty is only used as a test dependency, and no code is executed from temp directories. However, we will still investigate the situation further and consider moving to a non-vulnerable version.

Thanks again, Miklas

mboskamp commented 3 months ago

Internal reference: https://jira.camunda.com/browse/SEC-997