CVE-2020-8022: Incorrect Default Permissions in Enterprise Storage 5

Severity
NVD: 7.8 HIGH
CNA: 7.7
EPSS: 0.2% (top 59.42%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 29
Latest update: Feb 9

Description

An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (16 packages)

CVEListV5 | suse/suse_linux_enterprise_server_15-ltss | tomcat | 9.0.35-3.57.3
CVEListV5 | suse/suse_linux_enterprise_server_12-sp2-ltss | tomcat | 8.0.53-29.32.1
CVEListV5 | suse/suse_linux_enterprise_server_12-sp3-ltss | tomcat | 8.0.53-29.32.1
CVEListV5 | suse/suse_linux_enterprise_server_12-sp4 | tomcat | 9.0.35-3.39.1
CVEListV5 | suse/suse_linux_enterprise_server_12-sp5 | tomcat | 9.0.35-3.39.1

Vulnerability Details (3)

GHSA: Incorrect Default Permissions in Apache Tomcat (2022-02-09)
OSV: Incorrect Default Permissions in Apache Tomcat (2022-02-09)
CVEList: User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges (2020-06-29)

Vendor Advisories (1)

Red Hat: tomcat: /usr/lib/tmpfiles.d/tomcat.conf is group-writable (2020-06-29)

Community (1)

Bugzilla: CVE-2020-8022 tomcat: /usr/lib/tmpfiles.d/tomcat.conf is group-writable (2020-07-01)