CVE-2013-2027

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
jython_projectjython
2.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jython
bullseye
2.7.2+repack1-3
fixed
stretch
ignored
jessie
ignored
wheezy
no-dsa
squeeze
no-dsa
sid
2.7.3+repack1-1
fixed
trixie
2.7.3+repack1-1
fixed
bookworm
2.7.3+repack1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jython
zesty
Fixed 2.5.3-15ubuntu0.1
released
yakkety
ignored
xenial
Fixed 2.5.3-9ubuntu0.1
released
wily
ignored
vivid
ignored
utopic
ignored
trusty
Fixed 2.5.3-1ubuntu0.1
released
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0096.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://bugzilla.redhat.com/show_bug.cgi?id=947949
http://advisories.mageia.org/MGASA-2015-0096.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://bugzilla.redhat.com/show_bug.cgi?id=947949