CVE-2020-27225

Upstream information

CVE-2020-27225 at MITRE

Description

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1183728 [NEW]

SUSE Security Advisories:

openSUSE-SU-2021:0485-1, published Tue Mar 30 09:38:32 2021

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2	`eclipse-contributor-tools >= 4.9.0-4.3.8` `eclipse-contributor-tools-bootstrap >= 4.9.0-4.3.8` `eclipse-equinox-osgi >= 4.9.0-4.3.8` `eclipse-equinox-osgi-bootstrap >= 4.9.0-4.3.8` `eclipse-jdt >= 4.9.0-4.3.8` `eclipse-jdt-bootstrap >= 4.9.0-4.3.8` `eclipse-p2-discovery >= 4.9.0-4.3.8` `eclipse-p2-discovery-bootstrap >= 4.9.0-4.3.8` `eclipse-pde >= 4.9.0-4.3.8` `eclipse-pde-bootstrap >= 4.9.0-4.3.8` `eclipse-platform >= 4.9.0-4.3.8` `eclipse-platform-bootstrap >= 4.9.0-4.3.8` `eclipse-swt >= 4.9.0-4.3.8` `eclipse-swt-bootstrap >= 4.9.0-4.3.8` `eclipse-tests >= 4.9.0-4.3.8` `eclipse-tests-bootstrap >= 4.9.0-4.3.8`	Patchnames: SUSE-SLE-Module-Development-Tools-OBS-15-SP2-2021-957
openSUSE Leap 15.2	`eclipse-bootstrap-debuginfo >= 4.9.0-lp152.3.3.1` `eclipse-bootstrap-debugsource >= 4.9.0-lp152.3.3.1` `eclipse-contributor-tools >= 4.9.0-lp152.3.3.1` `eclipse-contributor-tools-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-debuginfo >= 4.9.0-lp152.3.3.1` `eclipse-debugsource >= 4.9.0-lp152.3.3.1` `eclipse-equinox-osgi >= 4.9.0-lp152.3.3.1` `eclipse-equinox-osgi-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-jdt >= 4.9.0-lp152.3.3.1` `eclipse-jdt-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-p2-discovery >= 4.9.0-lp152.3.3.1` `eclipse-p2-discovery-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-pde >= 4.9.0-lp152.3.3.1` `eclipse-pde-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-platform >= 4.9.0-lp152.3.3.1` `eclipse-platform-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-platform-bootstrap-debuginfo >= 4.9.0-lp152.3.3.1` `eclipse-platform-debuginfo >= 4.9.0-lp152.3.3.1` `eclipse-swt >= 4.9.0-lp152.3.3.1` `eclipse-swt-bootstrap >= 4.9.0-lp152.3.3.1` `eclipse-swt-bootstrap-debuginfo >= 4.9.0-lp152.3.3.1` `eclipse-swt-debuginfo >= 4.9.0-lp152.3.3.1` `eclipse-tests >= 4.9.0-lp152.3.3.1` `eclipse-tests-bootstrap >= 4.9.0-lp152.3.3.1`	Patchnames: openSUSE-2021-485
openSUSE Leap 15.3 SLE Imports	`eclipse-bootstrap-debuginfo >= 4.9.0-4.3.8` `eclipse-bootstrap-debugsource >= 4.9.0-4.3.8` `eclipse-contributor-tools >= 4.9.0-4.3.8` `eclipse-contributor-tools-bootstrap >= 4.9.0-4.3.8` `eclipse-debuginfo >= 4.9.0-4.3.8` `eclipse-debugsource >= 4.9.0-4.3.8` `eclipse-equinox-osgi >= 4.9.0-4.3.8` `eclipse-equinox-osgi-bootstrap >= 4.9.0-4.3.8` `eclipse-jdt >= 4.9.0-4.3.8` `eclipse-jdt-bootstrap >= 4.9.0-4.3.8` `eclipse-p2-discovery >= 4.9.0-4.3.8` `eclipse-p2-discovery-bootstrap >= 4.9.0-4.3.8` `eclipse-pde >= 4.9.0-4.3.8` `eclipse-pde-bootstrap >= 4.9.0-4.3.8` `eclipse-platform >= 4.9.0-4.3.8` `eclipse-platform-bootstrap >= 4.9.0-4.3.8` `eclipse-platform-bootstrap-debuginfo >= 4.9.0-4.3.8` `eclipse-platform-debuginfo >= 4.9.0-4.3.8` `eclipse-swt >= 4.9.0-4.3.8` `eclipse-swt-bootstrap >= 4.9.0-4.3.8` `eclipse-swt-bootstrap-debuginfo >= 4.9.0-4.3.8` `eclipse-swt-debuginfo >= 4.9.0-4.3.8` `eclipse-tests >= 4.9.0-4.3.8` `eclipse-tests-bootstrap >= 4.9.0-4.3.8`	Patchnames: SUSE-2021-957

CVE-2020-27225

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Support Offerings

Global Services

Support Resources

Partners

Communities

About