Unrated severityNVD Advisory· Published Mar 9, 2021· Updated Aug 4, 2024
CVE-2020-27225
CVE-2020-27225
Description
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
Affected products
4<=4.18+ 1 more
- (no CPE)range: <=4.18
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/eclipse-bootstrap&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/eclipse&distro=openSUSE%20Leap%2015.2
< 4.9.0-lp152.3.3.1+ 1 more
- (no CPE)range: < 4.9.0-lp152.3.3.1
- (no CPE)range: < 4.9.0-lp152.3.3.1
Patches
Vulnerability mechanics
References
1- bugs.eclipse.org/bugs/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.