CVE-2013-2027

Published: Feb 13, 2015Modified: May 6, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

Affected (3)

Products: Opensuse: Opensuse · Jython Project: Jython

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jython Project Jython	Version 2.2.1

Related CWEs

CWE-264

References (10)

http://advisories.mageia.org/MGASA-2015-0096.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:158

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=947949

Source: secalert@redhat.com

Issue Tracking

http://advisories.mageia.org/MGASA-2015-0096.html