CVE-2020-0822: Improper Privilege Management

March 12, 2020 (updated September 15, 2021)

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’. Note this is due to axis2 clustering including a dependency to tomcat which is vulnerable to this issue.

References

lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-0822
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822

Code Behaviors & Features

Detect and mitigate CVE-2020-0822 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →