CVSS: 6.5EPSS: 4%CPEs: 13EXPL: 0CVE-2020-6950 – Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
https://notcve.org/view.php?id=CVE-2020-6950
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Una vulnerabilidad de Salto de Directorio en Eclipse Mojarra versiones anteriores a 2.3.14, permite a atacantes leer archivos arbitrarios por medio del parámetro loc o del parámetro con A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 https://github.com/eclipse-ee4j/mojarra/issues/4571 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020-6950 https://bugzilla.redhat.com/show_bug.cgi?id=1805006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10689 – che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods
https://notcve.org/view.php?id=CVE-2020-10689
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod. Se detectó un fallo en el Eclipse Che versiones hasta 7.8.x, donde no se restringe apropiadamente el acceso a unos pods del espacio de trabajo. Un usuario autenticado puede explotar este fallo para omitir un proxy JWT y conseguir acceso a los pods del espacio de trabajo de otro usuario. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689 https://github.com/eclipse/che/issues/15651 https://access.redhat.com/security/cve/CVE-2020-10689 https://bugzilla.redhat.com/show_bug.cgi?id=1816789 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17636
https://notcve.org/view.php?id=CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit. En Eclipse Theia versiones 0.3.9 hasta la versión 0.15.0, una de las extensiones de Theia pre-empaquetadas predeterminadas es "Mini-Browser", publicada como "@theia/mini-browser" en npmjs.com. Esta extensión, para sus propias necesidades, expone un endpoint HTTP que permite leer el contenido de los archivos en el sistema de archivos del host, entregar su ruta, sin restricciones en el origen del solicitante. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17635
https://notcve.org/view.php?id=CVE-2019-17635
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=558633 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17634
https://notcve.org/view.php?id=CVE-2019-17634
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=552542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •