In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2021-03-09T18:15:16
Updated: 2024-08-04T16:11:36.031Z
Reserved: 2020-10-19T00:00:00
Link: CVE-2020-27225
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-09T19:15:12.237
Modified: 2024-11-21T05:20:54.000
Link: CVE-2020-27225
Redhat