CVE-2020-8025

CWE-279 CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

9.3CRITICAL

EPSS

0.0%

top 84.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Opensuse Leap 15.1 Opensuse Opensuse Tumbleweed Suse Suse Linux Enterprise Server 12-sp4 +5 more

Timeline

PublishedAug 7

Latest updateMay 24

Description

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prio…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.7

Affected Packages8 packages

▶CVEListV5suse/suse_linux_enterprise_server_15-ltsspermissions — 20180125-3.27.1

▶CVEListV5suse/suse_linux_enterprise_server_12-sp4permissions — 20170707-3.24.1

▶CVEListV5suse/suse_linux_enterprise_server_for_sap_15permissions — 20180125-3.27.1

▶NVDsuse/linux_enterprise_server15

▶NVDsuse/linux_enterprise_software_development_kit12

🔴Vulnerability Details

GHSA

GHSA-g55h-q572-52j6: A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Serv↗2022-05-24

▶

CVEList

outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues↗2020-08-07

▶

📋Vendor Advisories

Red Hat

pcp: Insecure permission of /var/lib/pcp/tmp/ directories on SUSE↗2021-01-21

▶