CVE-2013-2027

Opensuse < 2.7.2b3 - Access Control

Title source: rule
STIX 2.1

Description

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

References (5)

Core 5
Core References
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=947949
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0096.html

Scores

EPSS 0.0044
EPSS Percentile 35.7%

Details

CWE
CWE-264
Status published
Products (4)
jython_project/jython 2.2.1
opensuse/opensuse 13.1
opensuse/opensuse 13.2
org.python/jython-standalone 0 - 2.7.2b3Maven
Published Feb 13, 2015
Tracked Since Feb 18, 2026