CVE-2020-8027

CWE-377 · 3 documents · 3 sources
Severity: 6.6 MEDIUM
EPSS: 0.0% (top 87.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 11
Latest update: May 24

Description

An Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration. This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 2.5 | Impact: 4.7

Affected Packages (5 packages)

CVEListV5 | suse/suse_linux_enterprise_server_15-ltss | openldap2 | 2.4.46-9.37.1
CVEListV5 | suse/suse_linux_enterprise_server_for_sap_15 | openldap2 | 2.4.46-9.37.1
NVD | opensuse/openldap2 | < 2.4.46-9.37.1 | +2
CVEListV5 | opensuse/opensuse_leap_15.1 | openldap2 | 2.4.46-lp151.10.18.1
CVEListV5 | opensuse/opensuse_leap_15.2 | openldap2 | 2.4.46-lp152.14.9.1

Vulnerability Details (2)
GHSA (2022-05-24)
GHSA-9rfj-vjc2-f7cj: A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 1
CVEList (2021-02-11)
openldap uses fixed paths in /tmp