CVE-2013-2027 — Incorrect Permission Assignment in Jython

CWE-264 CWE-732 — Incorrect Permission Assignment CWE-281 — Improper Preservation of Permissions7 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 94.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jython Project Jython Debian Jython Opensuse

Timeline

PublishedFeb 13

Latest updateMay 14

Description

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/jython< jython 2.7.1+repack-1 (bookworm)

▶Debianjython_project/jython< 2.7.1+repack-1+3

▶NVDjython_project/jython2.2.1

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

OSV

Jython Improper Access Restrictions vulnerability↗2022-05-14

▶

GHSA

Jython Improper Access Restrictions vulnerability↗2022-05-14

▶

OSV

CVE-2013-2027: Jython 2↗2015-02-13

▶

📋Vendor Advisories

Red Hat

Jython creates executables class files with wrong permissions↗2013-04-03

▶

Debian

CVE-2013-2027: jython - Jython 2.2.1 uses the current umask to set the privileges of the class cache fil...↗2013

▶

💬Community

Bugzilla

CVE-2013-2027 Jython creates executables class files with wrong permissions↗2013-04-03

▶