ALT-PU-2021-1999-1
Closed vulnerabilities
Published: 2017-11-15
Modified: 2024-11-21
CVE-2017-15288
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://scala-lang.org/news/security-update-nov17.html
- https://github.com/scala/scala/pull/6108
- https://github.com/scala/scala/pull/6120
- https://github.com/scala/scala/pull/6128
- [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [kafka-jira] 20210214 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?
- [kafka-jira] 20210212 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?
- [druid-commits] 20210302 [GitHub] [druid] maytasm merged pull request #10933: Suppress CVE-2017-15288 and upgrade bcprov-ext-jdk15on
- [druid-commits] 20210302 [GitHub] [druid] abhishekagarwal87 opened a new pull request #10933: Suppress CVE-2017-15288 and upgrade bcprov-ext-jdk15on
- [kafka-jira] 20210211 [jira] [Updated] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?
- [kafka-jira] 20210215 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?
- [kafka-dev] 20210215 [jira] [Resolved] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?
- [kafka-dev] 20210211 [jira] [Created] (KAFKA-12325) Update to secure versions of scala libraries due to CVE-2017-15288
- [kafka-jira] 20210211 [jira] [Created] (KAFKA-12325) Update to secure versions of scala libraries due to CVE-2017-15288
- [kafka-jira] 20210215 [jira] [Resolved] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?
- GLSA-201812-08