CVE-2020-8023

CWE-349 | 3 documents | 3 sources
Severity: 7.8 HIGH
EPSS: 0.1% (top 81.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 1; Latest update May 24

Description

An acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.5 | Impact: 5.2

Affected Packages (22 packages)

Source | Product | Package | Version
CVEListV5 | suse/suse_linux_enterprise_server_15-ltss | openldap2 | 2.4.46-9.31.1
CVEListV5 | suse/suse_linux_enterprise_server_11-sp4-ltss | openldap2 | 2.4.26-0.74.13.1,
CVEListV5 | suse/suse_linux_enterprise_server_12-sp2-ltss | openldap2 | 2.4.41-18.71.2
CVEListV5 | suse/suse_linux_enterprise_server_12-sp3-ltss | openldap2 | 2.4.41-18.71.2
CVEListV5 | suse/suse_linux_enterprise_server_11-security | openldap2-client-openssl1 | 2.4.26-0.74.13.1

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-jpq8-q698-27vp: An acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux En
CVEList (2020-09-01): Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2
Source: cvebase.io