← Back

CVE-2020-8026

nvd nist
Published: Aug 7, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Affected (5)

Opensuse
3 products
Backports Sle
Leap
Tumbleweed
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Backports Sle
Version 15.0 sp1
Backports Sle
Version 15.0 sp2
Opensuse
Leap
Version 15.1
Leap
Version 15.2
Tumbleweed
Up to 2.6.2-4.2

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (10)

Source: meissner@suse.de
Mailing ListThird Party Advisory
Source: meissner@suse.de
Mailing ListThird Party Advisory
Source: meissner@suse.de
Mailing ListThird Party Advisory
Source: meissner@suse.de
Mailing ListThird Party Advisory
Source: meissner@suse.de
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.