CVE-2020-8013: Link Following in SUSE Linux Enterprise Server 11

CWE-59: Link Following (4 documents, 4 sources)

Severity: 2.5 LOW (NVD); 2.2 (CNA)
EPSS: 0.1% (top 83.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2020-03-02; latest update 2022-05-24

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise S
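The mechanism behind this CWE-59 entry, as an added illustration that is not chkstat's code and not the permissions package's actual fix: a permissions profile names a path and a mode, and if the tool applies the mode with chmod(2), a symlink sitting at that path sends the setuid bit (or a file capability) to whatever the link points at. The no-follow variant below opens the path itself with O_NOFOLLOW, confirms it is a regular file, and applies fchmod(2) to the descriptor, so the check and the change hit the same inode. The scratch directory, file names and modes are constructed for the demo; as the description notes, on a default system the symlinks are not attacker-controlled, so the demo plants its own.

```c
// Added example (not chkstat's code): the symlink-following hazard in a
// permissions-applying tool, and a no-follow variant, on constructed paths.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Following pattern: chmod(2) resolves a symlink, so a profile entry for
 * one binary can land on whatever the link points at. */
static int set_mode_following(const char *path, mode_t mode) {
    return chmod(path, mode) == 0 ? 0 : -errno;
}

/* No-follow pattern: open the path itself (O_NOFOLLOW yields ELOOP for a
 * symlink), confirm a regular file, then fchmod(2) the descriptor. For
 * file capabilities, libcap's cap_set_fd() works on the same descriptor. */
static int set_mode_nofollow(const char *path, mode_t mode) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -errno;                 /* -ELOOP when path is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    if (!S_ISREG(st.st_mode)) {        /* refuse devices, FIFOs, dirs */
        close(fd);
        return -EINVAL;
    }
    int rc = fchmod(fd, mode) == 0 ? 0 : -errno;
    close(fd);
    return rc;
}

/* Permission bits of the object at path itself (lstat, no following). */
static int mode_bits(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -errno;
}

/* Results of the scratch-directory demo, filled in by run_demo(). */
struct demo_result {
    int nofollow_on_link;           /* -ELOOP: link refused */
    int target_mode_after_nofollow; /* 0644: target untouched */
    int follow_on_link;             /* 0: chmod() followed the link */
    int target_mode_after_follow;   /* 04755: setuid landed on the target */
    int nofollow_on_target;         /* 0: a regular file is accepted */
    int target_mode_final;          /* 0644: restored via the descriptor */
};
struct demo_result demo;

/* Builds /tmp/chkstat-demoXXXXXX/{target, link -> target} (constructed
 * names), runs both variants against the link, and cleans up. Returns 0
 * on success, -errno if setup fails. */
int run_demo(void) {
    char dir[] = "/tmp/chkstat-demoXXXXXX";
    if (!mkdtemp(dir))
        return -errno;
    char target[256], lnk[256];
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0 || fchmod(fd, 0644) != 0 || close(fd) != 0 ||
        symlink("target", lnk) != 0)
        return -errno;                 /* scratch dir is left behind */

    demo.nofollow_on_link = set_mode_nofollow(lnk, S_ISUID | 0755);
    demo.target_mode_after_nofollow = mode_bits(target);
    demo.follow_on_link = set_mode_following(lnk, S_ISUID | 0755);
    demo.target_mode_after_follow = mode_bits(target);
    demo.nofollow_on_target = set_mode_nofollow(target, 0644);
    demo.target_mode_final = mode_bits(target);

    unlink(lnk);
    unlink(target);
    rmdir(dir);
    return 0;
}

int main(void) {
    if (run_demo() != 0) {
        perror("setup");
        return 1;
    }
    printf("no-follow on link: rc=%d (ELOOP is %d), target mode 0%o\n",
           demo.nofollow_on_link, -ELOOP, demo.target_mode_after_nofollow);
    printf("follow on link:    rc=%d, target mode 0%o\n",
           demo.follow_on_link, demo.target_mode_after_follow);
    printf("no-follow on file: rc=%d, target mode 0%o\n",
           demo.nofollow_on_target, demo.target_mode_final);
    return 0;
}
```

The ordering in run_demo is deliberate: the no-follow call runs first so the untouched 0644 on the target proves the link was refused, then the following call shows the setuid bit landing on the target, and the final call shows the no-follow routine still accepting a plain regular file. Checking with lstat(2) and then calling chmod(2) would leave a TOCTOU window; holding the descriptor removes it.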

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N (Exploitability: 1.0, Impact: 1.4)

Affected Packages (5 packages)

Source      Product                                Package      Version
CVEListV5   suse/suse_linux_enterprise_server_11   permissions  2013.1.7-0.6.12.1
CVEListV5   suse/suse_linux_enterprise_server_12   permissions  2015.09.28.1626-17.27.1
CVEListV5   suse/suse_linux_enterprise_server_15   permissions  20181116-9.23.1
NVD         opensuse/leap 15.1

Vulnerability Details (2)

GHSA-g26j-xpv7-cfwg (2022-05-24): A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Ente
CVEList (2020-03-02): permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim

Vendor Advisories (1)

Oracle (2020-07-15): Oracle Supply Chain Risk Matrix: Middle Tier (Apache Batik) — CVE-2018-8013 (this entry cites CVE-2018-8013, a different CVE, not CVE-2020-8013)
CVE-2020-8013 — Link Following | cvebase