All the vulnerabilites related to SUSE - SUSE Linux Enterprise Server 15-LTSS
cve-2019-18904
Vulnerability from cvelistv5
Published
2020-04-03 07:10
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1160922 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Linux Enterprise High Performance Computing 15-ESPOS |
Version: rmt-server < 2.5.2-3.26.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160922" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.26.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.26.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Public Cloud 15-SP1", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.9.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Server Applications 15", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.26.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Server Applications 15-SP1", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.9.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.26.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "2.5.2-3.26.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThan": "2.5.2-lp151.2.9.1", "status": "affected", "version": "rmt-server", "versionType": "custom" } ] } ], "datePublic": "2020-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-03T07:10:13", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160922" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1160922", "defect": [ "1160922" ], "discovery": "USER" }, "title": "Migrations requests can cause DoS on rmt", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-04-03T00:00:00.000Z", "ID": "CVE-2019-18904", "STATE": "PUBLIC", "TITLE": "Migrations requests can cause DoS on rmt" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.26.1" } ] } }, { "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.26.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Public Cloud 15-SP1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.9.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Server Applications 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.26.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Server Applications 15-SP1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.9.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.26.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-3.26.1" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "rmt-server", "version_value": "2.5.2-lp151.2.9.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160922", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160922" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1160922", "defect": [ "1160922" ], "discovery": "USER" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2019-18904", "datePublished": "2020-04-03T07:10:13.137414Z", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-09-16T16:58:59.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8023
Vulnerability from cvelistv5
Published
2020-09-01 11:25
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1172698 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Enterprise Storage 5 |
Version: openldap2 < 2.4.41-18.71.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Enterprise Storage 5", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Debuginfo 11-SP3", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.26-0.74.13.1,", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Debuginfo 11-SP4", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.26-0.74.13.1,", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Point of Sale 11-SP3", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.26-0.74.13.1,", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 11-SECURITY", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.26-0.74.13.1", "status": "affected", "version": "openldap2-client-openssl1", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 11-SP4-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.26-0.74.13.1,", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP2-BCL", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP2-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP3-BCL", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP3-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP4", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP5", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.46-9.31.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 12-SP2", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 12-SP3", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.46-9.31.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE OpenStack Cloud 7", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE OpenStack Cloud 8", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE OpenStack Cloud Crowbar 8", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.41-18.71.2", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThan": "2.4.46-lp151.10.12.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.2", "vendor": "openSUSE", "versions": [ { "lessThan": "2.4.46-lp152.14.3.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Johannes Segitz of SUSE" } ], "datePublic": "2020-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-349", "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-01T11:25:12", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172698", "defect": [ "1172698" ], "discovery": "INTERNAL" }, "title": "Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-07-06T00:00:00.000Z", "ID": "CVE-2020-8023", "STATE": "PUBLIC", "TITLE": "Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Enterprise Storage 5", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Debuginfo 11-SP3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.26-0.74.13.1," } ] } }, { "product_name": "SUSE Linux Enterprise Debuginfo 11-SP4", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.26-0.74.13.1," } ] } }, { "product_name": "SUSE Linux Enterprise Point of Sale 11-SP3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.26-0.74.13.1," } ] } }, { "product_name": "SUSE Linux Enterprise Server 11-SECURITY", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2-client-openssl1", "version_value": "2.4.26-0.74.13.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.26-0.74.13.1," } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP2-BCL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP3-BCL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP4", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP5", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-9.31.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 12-SP2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 12-SP3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-9.31.1" } ] } }, { "product_name": "SUSE OpenStack Cloud 7", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE OpenStack Cloud 8", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } }, { "product_name": "SUSE OpenStack Cloud Crowbar 8", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.41-18.71.2" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-lp151.10.12.1" } ] } }, { "product_name": "openSUSE Leap 15.2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-lp152.14.3.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Johannes Segitz of SUSE" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1172698", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172698", "defect": [ "1172698" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2020-8023", "datePublished": "2020-09-01T11:25:12.674939Z", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2024-09-16T18:33:45.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3696
Vulnerability from cvelistv5
Published
2020-03-03 11:05
Modified
2024-09-16 22:20
Severity ?
EPSS score ?
Summary
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1153921 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Linux Enterprise High Performance Computing 15-ESPOS |
Version: pcp < 3.11.9-5.8.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:17.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Development Tools 15", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1", "vendor": "SUSE", "versions": [ { "lessThan": "4.3.1-3.5.3", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Software Development Kit 12-SP4", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-6.14.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Software Development Kit 12-SP5", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-6.14.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThan": "4.3.1-lp151.2.3.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Johannes Segitz" } ], "datePublic": "2020-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-03T11:05:18", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1153921", "defect": [ "1153921" ], "discovery": "INTERNAL" }, "title": "pcp: Local privilege escalation from user pcp to root through migrate_tempdirs", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-02-07T00:00:00.000Z", "ID": "CVE-2019-3696", "STATE": "PUBLIC", "TITLE": "pcp: Local privilege escalation from user pcp to root through migrate_tempdirs" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Development Tools 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Development Tools 15-SP1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "4.3.1-3.5.3" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-6.14.1" } ] } }, { "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-6.14.1" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "4.3.1-lp151.2.3.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Johannes Segitz" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1153921", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1153921", "defect": [ "1153921" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2019-3696", "datePublished": "2020-03-03T11:05:18.714867Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:20:22.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8022
Vulnerability from cvelistv5
Published
2020-06-29 08:20
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1172405 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html | vendor-advisory, x_refsource_SUSE | |
https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405" }, { "name": "openSUSE-SU-2020:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html" }, { "name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E" }, { "name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E" }, { "name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E" }, { "name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Enterprise Storage 5", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP2-BCL", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP2-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP3-BCL", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP3-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP4", "vendor": "SUSE", "versions": [ { "lessThan": "9.0.35-3.39.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 12-SP5", "vendor": "SUSE", "versions": [ { "lessThan": "9.0.35-3.39.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "9.0.35-3.57.3", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 12-SP2", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 12-SP3", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "9.0.35-3.57.3", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE OpenStack Cloud 7", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE OpenStack Cloud 8", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] }, { "product": "SUSE OpenStack Cloud Crowbar 8", "vendor": "SUSE", "versions": [ { "lessThan": "8.0.53-29.32.1", "status": "affected", "version": "tomcat", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Matthias Gerstner of SUSE" } ], "datePublic": "2020-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276: Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-07T14:06:28", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405" }, { "name": "openSUSE-SU-2020:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html" }, { "name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E" }, { "name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E" }, { "name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E" }, { "name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405", "defect": [ "1172405" ], "discovery": "INTERNAL" }, "title": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-06-26T00:00:00.000Z", "ID": "CVE-2020-8022", "STATE": "PUBLIC", "TITLE": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Enterprise Storage 5", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP2-BCL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP3-BCL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP4", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "9.0.35-3.39.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 12-SP5", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "9.0.35-3.39.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "9.0.35-3.57.3" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 12-SP2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 12-SP3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "9.0.35-3.57.3" } ] } }, { "product_name": "SUSE OpenStack Cloud 7", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE OpenStack Cloud 8", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } }, { "product_name": "SUSE OpenStack Cloud Crowbar 8", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "tomcat", "version_value": "8.0.53-29.32.1" } ] } } ] }, "vendor_name": "SUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Matthias Gerstner of SUSE" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-276: Incorrect Default Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1172405", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405" }, { "name": "openSUSE-SU-2020:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html" }, { "name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E" }, { "name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E" }, { "name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E" }, { "name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405", "defect": [ "1172405" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2020-8022", "datePublished": "2020-06-29T08:20:12.619393Z", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2024-09-17T00:16:49.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8025
Vulnerability from cvelistv5
Published
2020-08-07 10:10
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1171883 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Linux Enterprise Server 12-SP4 |
Version: permissions < 20170707-3.24.1 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise Server 12-SP4", "vendor": "SUSE", "versions": [ { "lessThan": "20170707-3.24.1", "status": "affected", "version": "permissions", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "20180125-3.27.1", "status": "affected", "version": "permissions", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "20180125-3.27.1", "status": "affected", "version": "permissions", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThan": "20181116-lp151.4.24.1", "status": "affected", "version": "permissions", "versionType": "custom" } ] }, { "product": "openSUSE Tumbleweed", "vendor": "openSUSE", "versions": [ { "lessThan": "20200624", "status": "affected", "version": "permissions", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Matthias Gerstner of SUSE" } ], "datePublic": "2020-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-279", "description": "CWE-279: Incorrect Execution-Assigned Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-07T10:10:14", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1171883", "defect": [ "1171883" ], "discovery": "INTERNAL" }, "title": "outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-07-06T00:00:00.000Z", "ID": "CVE-2020-8025", "STATE": "PUBLIC", "TITLE": "outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Linux Enterprise Server 12-SP4", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "permissions", "version_value": "20170707-3.24.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "permissions", "version_value": "20180125-3.27.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "permissions", "version_value": "20180125-3.27.1" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "permissions", "version_value": "20181116-lp151.4.24.1" } ] } }, { "product_name": "openSUSE Tumbleweed", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "permissions", "version_value": "20200624" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Matthias Gerstner of SUSE" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-279: Incorrect Execution-Assigned Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1171883", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1171883", "defect": [ "1171883" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2020-8025", "datePublished": "2020-08-07T10:10:14.243912Z", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2024-09-16T19:09:19.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3695
Vulnerability from cvelistv5
Published
2020-03-03 11:05
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1152763 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Linux Enterprise High Performance Computing 15-ESPOS |
Version: pcp < 3.11.9-5.8.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:17.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Development Tools 15", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1", "vendor": "SUSE", "versions": [ { "lessThan": "4.3.1-3.5.3", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-5.8.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Software Development Kit 12-SP4", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-6.14.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Software Development Kit 12-SP5", "vendor": "SUSE", "versions": [ { "lessThan": "3.11.9-6.14.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThan": "4.3.1-lp151.2.3.1", "status": "affected", "version": "pcp", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Johannes Segitz" } ], "datePublic": "2020-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-03T11:05:17", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1152763", "defect": [ "1152763" ], "discovery": "INTERNAL" }, "title": "pcp: Local privilege escalation from user pcp to root", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-02-07T00:00:00.000Z", "ID": "CVE-2019-3695", "STATE": "PUBLIC", "TITLE": "pcp: Local privilege escalation from user pcp to root" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Development Tools 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Development Tools 15-SP1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "4.3.1-3.5.3" } ] } }, { "product_name": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-5.8.1" } ] } }, { "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-6.14.1" } ] } }, { "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "3.11.9-6.14.1" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "pcp", "version_value": "4.3.1-lp151.2.3.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Johannes Segitz" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94: Improper Control of Generation of Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1152763", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1152763", "defect": [ "1152763" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2019-3695", "datePublished": "2020-03-03T11:05:18.069478Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:03:10.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8027
Vulnerability from cvelistv5
Published
2021-02-11 16:10
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1175568 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Linux Enterprise Server 15-LTSS |
Version: openldap2 < 2.4.46-9.37.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:24.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise Server 15-LTSS", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.46-9.37.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server for SAP 15", "vendor": "SUSE", "versions": [ { "lessThan": "2.4.46-9.37.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThan": "2.4.46-lp151.10.18.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.2", "vendor": "openSUSE", "versions": [ { "lessThan": "2.4.46-lp152.14.9.1", "status": "affected", "version": "openldap2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Thorsten Kukuk/Matthias Gerstner of SUSE" } ], "datePublic": "2020-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-377", "description": "CWE-377: Insecure Temporary File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-11T16:10:14", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175568", "defect": [ "1175568" ], "discovery": "INTERNAL" }, "title": "openldap uses fixed paths in /tmp", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-09-22T00:00:00.000Z", "ID": "CVE-2020-8027", "STATE": "PUBLIC", "TITLE": "openldap uses fixed paths in /tmp" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Linux Enterprise Server 15-LTSS", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-9.37.1" } ] } }, { "product_name": "SUSE Linux Enterprise Server for SAP 15", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-9.37.1" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-lp151.10.18.1" } ] } }, { "product_name": "openSUSE Leap 15.2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "openldap2", "version_value": "2.4.46-lp152.14.9.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Thorsten Kukuk/Matthias Gerstner of SUSE" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-377: Insecure Temporary File" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1175568", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175568", "defect": [ "1175568" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2020-8027", "datePublished": "2021-02-11T16:10:14.335132Z", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2024-09-16T17:54:21.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }