CVE-2020-8024

CWE-276 — Incorrect Default Permissions5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 63.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Opensuse Factory Opensuse Opensuse Leap 15.2 Opensuse Hylafax\++1 more

Timeline

PublishedJun 29

Latest updateMay 24

Description

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages4 packages

▶CVEListV5opensuse/opensuse_leap_15.2hylafax+ — 7.0.2-lp152.2.1

▶CVEListV5opensuse/opensuse_leap_15.1hylafax+ — 5.6.1-lp151.3.7

▶CVEListV5opensuse/opensuse_factoryhylafax+ — 7.0.2-2.1

▶NVDopensuse/hylafax\+< 7.0.2-lp152.2.1+2

Patches

Patch: lists.opensuse.org ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-rv88-x9wr-52g7: A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15↗2022-05-24

▶

CVEList

Problematic permissions in hylafax+ packaging allow escalation from uucp to other users↗2020-06-29

▶

OSV

CVE-2020-8024: A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15↗2020-06-29

▶

📋Vendor Advisories

Debian

CVE-2020-8024: hylafax - A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of op...↗2020

▶