OpenNMS / NMS-13009

CVE-2020-27216: Jetty webserver vulnerability

    Details

    • Sprint:
      Horizon 2020 - Nov 11-Nov 24
    • Docs Needed:
      No

      Description

      GitHub detected a high severity vulnerability against our Jetty web server, see https://github.com/advisories/GHSA-g3wg-6mcf-8jj6. To mitigate the vulnerability we have to upgrade our Jetty web server from 9.4.30.v20200611 to 9.4.34.v20201102.

      The dependency bot from GitHub was not able to upgrade to the latest version because we have a version limit in our pom.xml for the web app:

      <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-webapp</artifactId>
       <version>[9.4.33,)</version>
      </dependency>
      

      Or set a custom temp directory as a workaround:

      java -Djava.io.tmpdir=/var/web/work -jar start.jar
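
A pre-start check for the temp-directory workaround above, added here as an example; it is not part of the ticket or of OpenNMS. It assumes the workaround only helps when the directory is writable by the Jetty service account alone, and the function names `check_private_tmpdir` and `start_jetty` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ticket or OpenNMS); function names are hypothetical.
# Assumption: the workaround only helps when the custom temp directory is
# writable by the Jetty service account alone.

JETTY_TMP=${JETTY_TMP:-/var/web/work}   # path taken from the ticket's command

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# current user, with no group or other write permission.
check_private_tmpdir() {
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "tmpdir check: $dir is not a plain directory" >&2
        return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "tmpdir check: $dir is not owned by $(id -un)" >&2
        return 1
    fi
    # Mode string from ls, e.g. drwx------ ; columns 6 and 9 are the
    # group and other write bits.
    mode=$(ls -ld -- "$dir" | cut -c1-10)
    case $mode in
        d????-??-?) return 0 ;;
        *)
            echo "tmpdir check: $dir is group/world writable ($mode)" >&2
            return 1 ;;
    esac
}

# Start Jetty with the workaround from the ticket, refusing to start when
# the directory is shared with other local users.
start_jetty() {
    check_private_tmpdir "$JETTY_TMP" || return 1
    exec java -Djava.io.tmpdir="$JETTY_TMP" -jar start.jar
}
```

Run `start_jetty` as the service account from the directory that holds `start.jar`; create the directory beforehand with `mkdir -p` and `chmod 700`.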
      

            People

            Assignee:
            ranger Benjamin Reed
            Reporter:
            indigo Ronny Trommer