CVE-2020-8015 — Link Following in Factory

CWE-59 — Link Following7 documents5 sources

Severity

7.8HIGHNVD

CNA8.4

EPSS

0.1%

top 65.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Factory Exim

Timeline

PublishedApr 2

Latest updateMay 24

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5opensuse/factoryexim — 4.93.0.4-3.1

▶NVDexim/exim< 4.93.0.4-3.1

🔴Vulnerability Details

GHSA

GHSA-rpgh-5p2m-vxqx: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail↗2022-05-24

▶

CVEList

Local privilege escalation in exim package from user mail to root↗2020-04-02

▶

📋Vendor Advisories

Red Hat

exim: Symlink Following could result in privilege escalation↗2019-10-16

▶

💬Community

Bugzilla

CVE-2020-8015 exim: Symlink Following could result in privilege escalation [fedora-all]↗2020-04-07

▶

Bugzilla

CVE-2020-8015 exim: Symlink Following could result in privilege escalation [epel-all]↗2020-04-07

▶

Bugzilla

CVE-2020-8015 exim: Symlink Following could result in privilege escalation↗2020-04-07

▶