CVE-2020-8024

Published: Jun 29, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: NVD

Description

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.

Affected (3)

Products: Opensuse: Hylafax+

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Hylafax+	Before 7.0.2-lp152.2.1

Running on/with	Platform Versions
Opensuse Leap	Version 15.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Hylafax+	Before 5.6.1-lp151.3.7

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Hylafax+	Before 7.0.2-2.1

Running on/with	Platform Versions
Opensuse Leap	Version 15.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html

Source: meissner@suse.de

Mailing ListPatchVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1172731

Source: meissner@suse.de

Issue TrackingVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1172731

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.