CVE-2020-8017

CWE-3673 documents3 sources

Severity

6.3MEDIUM

EPSS

0.0%

top 93.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Opensuse Leap 15.1 Suse Suse Linux Enterprise Module FOR Desktop Applications 15-sp1 Suse Suse Linux Enterprise Software Development KIT 12-sp4 +3 more

Timeline

PublishedApr 2

Latest updateMay 24

Description

A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5suse/suse_linux_enterprise_software_development_kit_12-sp4texlive-filesystem — 2013.74-16.5.1

▶CVEListV5suse/suse_linux_enterprise_software_development_kit_12-sp5texlive-filesystem — 2013.74-16.5.1

▶CVEListV5suse/suse_linux_enterprise_module_for_desktop_applications_15-sp1texlive-filesystem — 2017.135-9.5.1

▶NVDopensuse/texlive-filesystem< 2017.135-9.5.1+2

▶CVEListV5opensuse/opensuse_leap_15.1texlive-filesystem — 2017.135-lp151.8.3.1

🔴Vulnerability Details

GHSA

GHSA-h5g4-pg5p-f88v: A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop App↗2022-05-24

▶

CVEList

race condition on texlive-filesystem cron job allows for the deletion of unintended files↗2020-04-02

▶