CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8026

HIGH
8.4
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile41.08th
PublishedAug 7, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Affected Platforms (CPE)

πŸ“¦
Opensuse

Backports Sle

= 15.0
πŸ“¦
Opensuse

Backports Sle

= 15.0
πŸ“¦
Opensuse

Tumbleweed

<= 2.6.2-4.2
πŸ’»
Opensuse

Leap

= 15.1
πŸ’»
Opensuse

Leap

= 15.2

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html
πŸ”— https://bugzilla.suse.com/show_bug.cgi?id=1172573
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html

Related Vulnerabilities

CVE-2020-80197.7

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SU...

CVE-2021-319986.8

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports S...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...