← back
CVE-2020-8030

skuba: Insecure /tmp usage when joining node to cluster

CVSS 3.6 LOWEPSS 0.2%CWE-377
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.6EPSS 0.2%KEV nãoPoC Patch
Lifecycle
11 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
SUSE · SUSE CaaS Platform 4.5

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=1177361