vulnerability
Arch Linux: Privilege escalation (CVE-2020-17521)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Dec 7, 2020 | Jul 11, 2025 | Nov 27, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 7, 2020
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
Groovy before version 2.5.14 may create temporary directories within the OS temporary directory which is shared between all users on affected systems. Groovy will create such directories for internal use when producing Java Stubs or on behalf of user code via two extension methods for creating temporary directories. If Groovy user code uses either of these extension methods, and stores executable code in the resulting temporary directory, this can lead to local privilege escalation. If such Groovy code is making use of the temporary directory to store sensitive information, such information could be exposed or modified.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.