CVE-2020-8022 User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges

🗓️ 29 Jun 2020 08:20:12Reported by suseType

CVE-2020-8022 vulnerability in tomcat packagin

Reporter	Title	Published	Views	Family All 31
IBM Security Bulletins	Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries	26 Mar 202503:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator	29 Apr 202502:11	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-22345, CVE-2020-8022, CVE-2021-33813, CVE-2020-9488)	25 Apr 202214:25	–	ibm
BDU FSTEC	The vulnerability of the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package on the SUSE Linux Enterprise operating system allows a hacker to gain increased privileges.	9 Jul 202000:00	–	bdu_fstec
CVE	CVE-2020-8022	29 Jun 202008:20	–	cve
EUVD	EUVD-2022-1008	3 Oct 202520:07	–	euvd
Github Security Blog	Incorrect Default Permissions in Apache Tomcat	9 Feb 202223:01	–	github
NCSC	Vulnerabilities fixed in IBM QRadar	26 Apr 202200:00	–	ncsc

[
  {
    "product": "SUSE Enterprise Storage 5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP2-BCL",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP3-BCL",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.35-3.39.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.35-3.39.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.35-3.57.3",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 12-SP2",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 12-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.35-3.57.3",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud 7",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud 8",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud Crowbar 8",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "8.0.53-29.32.1",
        "status": "affected",
        "version": "tomcat",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E
lists	www.lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html
lists	www.lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E
bugzilla	www.bugzilla.suse.com/show_bug.cgi