CVE-2020-8026

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Published: Aug 7, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8026
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
opensuse / leap	15.1	15.1.x
opensuse / backports_sle	15.0-sp1	15.0-sp1.x
opensuse / leap	15.2	15.2.x
opensuse / tumbleweed	-	2.6.2-4.2.x
opensuse / backports_sle	15.0-sp2	15.0-sp2.x

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html
https://bugzilla.suse.com/show_bug.cgi?id=1172573

Vulnerability Database

289,697

CVE-2020-8026