CVE-2020-27225: Missing Authentication for Critical Function

March 9, 2021 (updated March 18, 2021)

of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=569855
nvd.nist.gov/vuln/detail/CVE-2020-27225

Code Behaviors & Features

Detect and mitigate CVE-2020-27225 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →