History: Sep 01, 2020 - 12:15 p.m.

CVE-2020-8023

2020-09-01 12:15:10
CWE-349
web.nvd.nist.gov
120
cve-2020-8023
vulnerability
openldap2
suse
escalation of privileges
security issue
local attack

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

An Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root.

This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.

Affected configurations

NVD
Node
opensuse openldap2 Range <2.4.41-18.71.2
AND
suse enterprise_storage Match 5.0
OR
suse openstack_cloud Match 7.0
OR
suse openstack_cloud Match 8.0
OR
suse openstack_cloud_crowbar Match 8.0
OR
suse linux_enterprise_server Match 12sp2
OR
suse linux_enterprise_server Match 12sp2sap
OR
suse linux_enterprise_server Match 12sp2ltss
OR
suse linux_enterprise_server Match 12sp3sap
OR
suse linux_enterprise_server Match 12sp3--
OR
suse linux_enterprise_server Match 12sp3ltss
OR
suse linux_enterprise_server Match 12sp4
OR
suse linux_enterprise_server Match 12sp5
Node
opensuse openldap2 Range <2.4.26-0.74.13.1
AND
suse linux_enterprise_debuginfo Match 11sp3
OR
suse linux_enterprise_debuginfo Match 11sp4
OR
suse linux_enterprise_point_of_sale Match 11sp3
OR
suse linux_enterprise_server Match 11-
OR
suse linux_enterprise_server Match 11sp4ltss
Node
opensuse openldap2 Range <2.4.46-9.31.1
AND
suse linux_enterprise_server Match 15ltss
OR
suse linux_enterprise_server Match 15sap
Node
opensuse openldap2 Range <2.4.46-lp151.10.12.1
AND
opensuse leap Match 15.1
OR
opensuse leap Match 15.2

CNA Affected

[
  {
    "product": "SUSE Enterprise Storage 5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Debuginfo 11-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Debuginfo 11-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Point of Sale 11-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 11-SECURITY",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1",
        "status": "affected",
        "version": "openldap2-client-openssl1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP2-BCL",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP3-BCL",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.46-9.31.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 12-SP2",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 12-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.46-9.31.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud 7",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud 8",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud Crowbar 8",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.1",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.4.46-lp151.10.12.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.2",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.4.46-lp152.14.3.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  }
]
