发布时间: 2022年7月22日
修改时间: 2024年10月31日
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 7.8 | 7.8 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1656 | eclipse security update | 2022年7月22日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | eclipse | Fixed |
| KY3.4-5 | eclipse | Fixed |
| KY3.5.1 | eclipse | Fixed |
