In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2021-03-09T18:15:16

Updated: 2024-08-04T16:11:36.031Z

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27225

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-09T19:15:12.237

Modified: 2024-11-21T05:20:54.000

Link: CVE-2020-27225

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-09T00:00:00Z

Links: CVE-2020-27225 - Bugzilla