CVE-2020-8019

CWE-61 | 3 documents | 3 sources
Severity: 7.8 HIGH
EPSS: 0.1% (top 64.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 29
Latest update: May 24

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.5 | Impact: 5.2

Affected Packages (9 packages)

CVEListV5 | suse/suse_linux_enterprise_server_11-sp4-ltss | syslog-ng | 2.0.9-27.34.40.5.1
CVEListV5 | suse/suse_linux_enterprise_module_for_legacy_software_12 | syslog-ng | 3.6.4-12.8.1
CVEListV5 | suse/suse_linux_enterprise_debuginfo_11-sp3 | syslog-ng | 2.0.9-27.34.40.5.1
CVEListV5 | suse/suse_linux_enterprise_debuginfo_11-sp4 | syslog-ng | 2.0.9-27.34.40.5.1
CVEListV5 | suse/suse_linux_enterprise_point_of_sale_11-sp3 | syslog-ng | 2.0.9-27.34.40.5.1

Vulnerability Details (2)

GHSA | 2022-05-24 | GHSA-4j55-xp84-jjv2: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise
CVEList | 2020-06-29 | syslog-ng: Local privilege escalation from new to root in %post