CVE-2020-8624

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Published: Aug 21, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8624
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
isc / bind	9.10.7	9.10.8.x
isc / bind	9.17.0	9.17.3.x
isc / bind	9.11.3	9.11.21.x
isc / bind	9.9.12	9.9.13.x
isc / bind	9.12.1	9.16.5.x
isc / bind	9.11.3-s1	9.11.3-s1.x
isc / bind	9.9.12-s1	9.9.12-s1.x
isc / bind	9.9.13-s1	9.9.13-s1.x
isc / bind	9.11.21-s1	9.11.21-s1.x
debian / debian_linux	10.0	10.0.x
canonical / ubuntu_linux	18.04	18.04.x
fedoraproject / fedora	31	31.x
fedoraproject / fedora	32	32.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	16.04	16.04.x
opensuse / leap	15.1	15.1.x
opensuse / leap	15.2	15.2.x

Vulnerability Database

CVE-2020-8624