CVE-2020-8026

CWE-276Incorrect Default Permissions4 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 83.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Opensuse Opensuse Leap 15.1Opensuse Opensuse Leap 15.2Opensuse Opensuse Tumbleweed+3 more
Timeline
PublishedAug 7
Latest updateMay 24

Description

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages6 packages

CVEListV5opensuse/opensuse_leap_15.1inn2.5.4-lp151.3.3.1
CVEListV5opensuse/opensuse_leap_15.2inn2.6.2-lp152.1.26
NVDopensuse/leap15.1, 15.2+1
NVDopensuse/tumbleweed2.6.2-4.2
CVEListV5opensuse/opensuse_tumbleweedinn2.6.2-4.2

🔴Vulnerability Details

2
GHSA
GHSA-fm9w-35mc-phwx: A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 152022-05-24
CVEList
inn: non-root owned files2020-08-07

📋Vendor Advisories

1
Debian
CVE-2020-8026: inn2 - A Incorrect Default Permissions vulnerability in the packaging of inn in openSUS...2020