{"containers": {"cna": {"affected": [{"product": "Eclipse Platform", "vendor": "The Eclipse Foundation", "versions": [{"lessThanOrEqual": "4.18", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-09T18:15:16", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2020-27225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Platform", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.18"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306: Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:36.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2020-27225", "datePublished": "2021-03-09T18:15:16", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2024-08-04T16:11:36.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3957E24-1D2D-4B2E-BE0B-45D68C7ED1F2", "versionEndIncluding": "4.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process."}, {"lang": "es", "value": "En las versiones 4.18 y anteriores de la Eclipse Platform, el Subsistema de Ayuda no autentica unas peticiones de ayuda activas en el servidor web de ayuda local, permitiendo a un atacante local no autenticado emitir comandos de ayuda activos al proceso asociado de Eclipse Platform o al proceso de Eclipse Rich Client Platform"}], "id": "CVE-2020-27225", "lastModified": "2024-11-21T05:20:54.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-09T19:15:12.237", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-1:4.19-4.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-apache-sshd-1:2.6.0-1.2.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-batik-0:1.14-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-eclipse-1:4.19-1.3.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-eclipse-egit-0:5.11.0-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-eclipse-emf-1:2.25.0-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-eclipse-jgit-0:5.11.0-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-jakarta-annotations-0:1.3.5-7.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-jetty-0:9.4.38-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-jgit-0:5.11.0-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-objectweb-asm-0:9.1-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-takari-polyglot-0:0.4.6-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-tycho-0:2.2.0-4.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}, {"advisory": "RHEA-2021:1441", "cpe": "cpe:/a:redhat:devtools:2021", "package": "rh-eclipse-xmlgraphics-commons-0:2.6-1.1.el7_9", "product_name": "Red Hat Developer Tools", "release_date": "2021-04-28T00:00:00Z"}], "bugzilla": {"description": "eclipse: Help Subsystem does not authenticate active help requests", "id": "1939630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939630"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.", "It was found that the Eclipse Platform does not authenticate requests to the Help subsystem on the local web server. A local attacker could use this vulnerability to disrupt the Eclipse user's session, potentially causing Eclipse to damage or disclose data owned by that user."], "name": "CVE-2020-27225", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "eclipse", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "eclipse", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-03-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27225\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27225"], "threat_severity": "Moderate"}