Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8026

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Published

2020-08-07T10:15:11.987

Last Modified

2024-11-21T05:38:14.813

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opensuse	backports_sle	15.0	Yes
Application	opensuse	backports_sle	15.0	Yes
Application	opensuse	tumbleweed	≤ 2.6.2-4.2	Yes
Operating System	opensuse	leap	15.1	Yes
Operating System	opensuse	leap	15.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html Mailing List, Third Party Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1172573 Issue Tracking, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1172573 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)