CVE-2020-8029Incorrect Permission Assignment in Caas Platform 4.5

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
4.0MEDIUMNVD
CNA2.9
EPSS
0.1%
top 70.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse Caas Platform 4.5Suse Caas Platform
Timeline
PublishedFeb 11
Latest updateMay 24

Description

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

CVEListV5suse/suse_caas_platform_4.5skubahttps://github.com/SUSE/skuba/pull/1416

🔴Vulnerability Details

2
GHSA
GHSA-3hfm-p6g2-9fv7: A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 42022-05-24
CVEList
skuba: Insecure handling of private key2021-02-11
CVE-2020-8029 — Incorrect Permission Assignment | cvebase