← back
CVE-2020-8026

inn: non-root owned files

CVSS 8.4 HIGHEPSS 0.4%CWE-276
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
07 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
openSUSE · openSUSE Leap 15.1openSUSE · openSUSE Leap 15.2openSUSE · openSUSE Tumbleweed

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.htmlhttps://bugzilla.suse.com/show_bug.cgi?id=1172573