CVE-2020-8026
Vulnerability from cvelistv5
Published
2020-08-07 09:25
Modified
2024-09-16 16:57
Severity ?
EPSS score ?
Summary
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | openSUSE | openSUSE Leap 15.2 |
Version: inn < |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:24.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573" }, { "name": "openSUSE-SU-2020:1271", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html" }, { "name": "openSUSE-SU-2020:1272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html" }, { "name": "openSUSE-SU-2020:1304", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html" }, { "name": "openSUSE-SU-2020:1427", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openSUSE Leap 15.2", "vendor": "openSUSE", "versions": [ { "lessThanOrEqual": "2.6.2-lp152.1.26", "status": "affected", "version": "inn", "versionType": "custom" } ] }, { "product": "openSUSE Tumbleweed", "vendor": "openSUSE", "versions": [ { "lessThanOrEqual": "2.6.2-4.2", "status": "affected", "version": "inn", "versionType": "custom" } ] }, { "product": "openSUSE Leap 15.1", "vendor": "openSUSE", "versions": [ { "lessThanOrEqual": "2.5.4-lp151.3.3.1", "status": "affected", "version": "inn", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Matthias Gerstner/Johannes Segitz of SUSE" } ], "datePublic": "2020-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276: Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-18T17:06:35", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573" }, { "name": "openSUSE-SU-2020:1271", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html" }, { "name": "openSUSE-SU-2020:1272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html" }, { "name": "openSUSE-SU-2020:1304", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html" }, { "name": "openSUSE-SU-2020:1427", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573", "defect": [ "1172573" ], "discovery": "INTERNAL" }, "title": "inn: non-root owned files", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-07-24T00:00:00.000Z", "ID": "CVE-2020-8026", "STATE": "PUBLIC", "TITLE": "inn: non-root owned files" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "openSUSE Leap 15.2", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "inn", "version_value": "2.6.2-lp152.1.26" } ] } }, { "product_name": "openSUSE Tumbleweed", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "inn", "version_value": "2.6.2-4.2" } ] } }, { "product_name": "openSUSE Leap 15.1", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "inn", "version_value": "2.5.4-lp151.3.3.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Matthias Gerstner/Johannes Segitz of SUSE" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-276: Incorrect Default Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1172573", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573" }, { "name": "openSUSE-SU-2020:1271", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html" }, { "name": "openSUSE-SU-2020:1272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html" }, { "name": "openSUSE-SU-2020:1304", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html" }, { "name": "openSUSE-SU-2020:1427", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573", "defect": [ "1172573" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2020-8026", "datePublished": "2020-08-07T09:25:13.939809Z", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2024-09-16T16:57:41.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-8026\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2020-08-07T10:15:11.987\",\"lastModified\":\"2024-11-21T05:38:14.813\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de inn en openSUSE Leap versi\u00f3n 15.2, openSUSE Tumbleweed, openSUSE Leap versi\u00f3n 15.1, permite a atacantes locales con control del nuevo usuario escalar sus privilegios a root. Este problema afecta a: inn versi\u00f3n 2.6.2-lp152.1.26 y versiones anteriores de openSUSE Leap versi\u00f3n 15.2. inn versi\u00f3n 2.6.2-4.2 y versiones anteriores de openSUSE Tumbleweed. inn versi\u00f3n 2.5.4-lp151.3.3.1 y versiones anteriores de openSUSE Leap versi\u00f3n 15.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E82302-4B77-44F3-97B1-24C18AC4A35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:tumbleweed:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.2-4.2\",\"matchCriteriaId\":\"C6C65B15-A770-421F-A71E-FD6DB540EE1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html\",\"source\":\"meissner@suse.de\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html\",\"source\":\"meissner@suse.de\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html\",\"source\":\"meissner@suse.de\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html\",\"source\":\"meissner@suse.de\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1172573\",\"source\":\"meissner@suse.de\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1172573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.