Lucene search

[email protected]CVE-2020-8026

HistoryAug 07, 2020 - 10:15 a.m.

CVE-2020-8026

2020-08-0710:15:11

CWE-276

[email protected]

web.nvd.nist.gov

107

cve

2020

8026

incorrect default permissions

vulnerability

inn

opensuse leap 15.2

opensuse tumbleweed

opensuse leap 15.1

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Affected configurations

NVD

Node

opensusebackports_sleMatch15.0sp1

opensusebackports_sleMatch15.0sp2

opensusetumbleweedRange≤2.6.2-4.2

opensuseleapMatch15.1

opensuseleapMatch15.2

CPENameOperatorVersion
opensuse:backports_sleopensuse backports sleeq15.0
opensuse:tumbleweedopensuse tumbleweedle2.6.2-4.2
opensuse:leapopensuse leapeq15.1
opensuse:leapopensuse leapeq15.2

CPE	Name	Operator	Version
opensuse:backports_sle	opensuse backports sle	eq	15.0
opensuse:tumbleweed	opensuse tumbleweed	le	2.6.2-4.2
opensuse:leap	opensuse leap	eq	15.1
opensuse:leap	opensuse leap	eq	15.2

CNA Affected

[
  {
    "product": "openSUSE Leap 15.2",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThanOrEqual": "2.6.2-lp152.1.26",
        "status": "affected",
        "version": "inn",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Tumbleweed",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThanOrEqual": "2.6.2-4.2",
        "status": "affected",
        "version": "inn",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.1",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThanOrEqual": "2.5.4-lp151.3.3.1",
        "status": "affected",
        "version": "inn",
        "versionType": "custom"
      }
    ]
  }
]