CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Published: Mar 2, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8013
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.5
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
suse / linux_enterprise_server	12	12.x
suse / linux_enterprise_server	15	15.x
suse / linux_enterprise_server	11	11.x
opensuse / leap	15.1	15.1.x

Vulnerability Database

CVE-2020-8013