CVE-2020-2778

Priority
Description
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult
to exploit vulnerability allows unauthenticated attacker with network
access via HTTPS to compromise Java SE. Successful attacks of this
vulnerability can result in unauthorized read access to a subset of Java SE
accessible data. Note: Applies to client and server deployment of Java.
This vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using sandboxed
Java Web Start applications or sandboxed Java applets, such as through a
web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Notes
sbeattieonly affects openjdk-11 and newer
Package
Upstream:released (14.0.1+7-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):released (14.0.1+7-1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):released (14.0.1+7-1ubuntu1)
Package
Upstream:not-affected (openjdk 11 and newer)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (openjdk-11 and newer)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (openjdk-11 and newer)
Ubuntu 19.10 (Eoan Ermine):not-affected (openjdk-11 and newer)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (openjdk-11 and newer)
Ubuntu 20.10 (Groovy Gorilla):not-affected (openjdk-11 and newer)
Package
Upstream:released (11.0.7+10-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (11.0.7+10-2ubuntu2~18.04)
Ubuntu 19.10 (Eoan Ermine):released (11.0.7+10-2ubuntu2~19.10)
Ubuntu 20.04 LTS (Focal Fossa):released (11.0.7+10-2ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):released (11.0.7+10-2ubuntu1)
More Information

Updated: 2020-05-29 00:14:30 UTC (commit 7449d4c0164f389447e661b61727ba1c93f0ab71)