CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CVE-2020-8022 (GCVE-0-2020-8022)
Vulnerability from cvelistv5 – Published: 2020-06-29 08:20 – Updated: 2024-09-17 00:16
VLAI
Title
User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
Summary
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
Severity
7.7 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1172405 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.apache.org/thread.html/rf50d02409e5… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/ra87ec20a0f4… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r5be80ba868a… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r393d4f43168… | mailing-listx_refsource_MLIST |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Enterprise Storage 5 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP2-BCL |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP2-LTSS |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP3-BCL |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP3-LTSS |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP4 |
Affected:
tomcat , < 9.0.35-3.39.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP5 |
Affected:
tomcat , < 9.0.35-3.39.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15-LTSS |
Affected:
tomcat , < 9.0.35-3.57.3
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP2 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP3 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 15 |
Affected:
tomcat , < 9.0.35-3.57.3
(custom)
|
|
| SUSE | SUSE OpenStack Cloud 7 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE OpenStack Cloud 8 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|
| SUSE | SUSE OpenStack Cloud Crowbar 8 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
Date Public
2020-06-26 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Enterprise Storage 5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.39.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.39.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.57.3",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.57.3",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-07T14:06:28.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"defect": [
"1172405"
],
"discovery": "INTERNAL"
},
"title": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-06-26T00:00:00.000Z",
"ID": "CVE-2020-8022",
"STATE": "PUBLIC",
"TITLE": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Enterprise Storage 5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.39.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.39.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.57.3"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.57.3"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"defect": [
"1172405"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8022",
"datePublished": "2020-06-29T08:20:12.619Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:16:49.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8024 (GCVE-0-2020-8024)
Vulnerability from cvelistv5 – Published: 2020-06-29 07:45 – Updated: 2024-09-17 01:21
VLAI
Title
Problematic permissions in hylafax+ packaging allow escalation from uucp to other users
Summary
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.
Severity
5.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1172731 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| openSUSE | openSUSE Leap 15.2 |
Affected:
hylafax+ , < 7.0.2-lp152.2.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
hylafax+ , ≤ 5.6.1-lp151.3.7
(custom)
|
|
| openSUSE | openSUSE Factory |
Affected:
hylafax+ , < 7.0.2-2.1
(custom)
|
Date Public
2020-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172731"
},
{
"name": "openSUSE-SU-2020:0958",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "7.0.2-lp152.2.1",
"status": "affected",
"version": "hylafax+",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "5.6.1-lp151.3.7",
"status": "affected",
"version": "hylafax+",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "7.0.2-2.1",
"status": "affected",
"version": "hylafax+",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner"
}
],
"datePublic": "2020-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T11:06:15.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172731"
},
{
"name": "openSUSE-SU-2020:0958",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172731",
"defect": [
"1172731"
],
"discovery": "INTERNAL"
},
"title": "Problematic permissions in hylafax+ packaging allow escalation from uucp to other users",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-06-15T00:00:00.000Z",
"ID": "CVE-2020-8024",
"STATE": "PUBLIC",
"TITLE": "Problematic permissions in hylafax+ packaging allow escalation from uucp to other users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "hylafax+",
"version_value": "7.0.2-lp152.2.1"
}
]
}
},
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "hylafax+",
"version_value": "5.6.1-lp151.3.7"
}
]
}
},
{
"product_name": "openSUSE Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "hylafax+",
"version_value": "7.0.2-2.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172731",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172731"
},
{
"name": "openSUSE-SU-2020:0958",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172731",
"defect": [
"1172731"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8024",
"datePublished": "2020-06-29T07:45:17.539Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:22.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8026 (GCVE-0-2020-8026)
Vulnerability from cvelistv5 – Published: 2020-08-07 09:25 – Updated: 2024-09-16 16:57
VLAI
Title
inn: non-root owned files
Summary
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
Severity
8.4 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1172573 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| openSUSE | openSUSE Leap 15.2 |
Affected:
inn , ≤ 2.6.2-lp152.1.26
(custom)
|
|
| openSUSE | openSUSE Tumbleweed |
Affected:
inn , ≤ 2.6.2-4.2
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
inn , ≤ 2.5.4-lp151.3.3.1
(custom)
|
Date Public
2020-07-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
},
{
"name": "openSUSE-SU-2020:1271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
},
{
"name": "openSUSE-SU-2020:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
},
{
"name": "openSUSE-SU-2020:1304",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
},
{
"name": "openSUSE-SU-2020:1427",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.6.2-lp152.1.26",
"status": "affected",
"version": "inn",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Tumbleweed",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.6.2-4.2",
"status": "affected",
"version": "inn",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.5.4-lp151.3.3.1",
"status": "affected",
"version": "inn",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner/Johannes Segitz of SUSE"
}
],
"datePublic": "2020-07-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T17:06:35.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
},
{
"name": "openSUSE-SU-2020:1271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
},
{
"name": "openSUSE-SU-2020:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
},
{
"name": "openSUSE-SU-2020:1304",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
},
{
"name": "openSUSE-SU-2020:1427",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
"defect": [
"1172573"
],
"discovery": "INTERNAL"
},
"title": "inn: non-root owned files",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-07-24T00:00:00.000Z",
"ID": "CVE-2020-8026",
"STATE": "PUBLIC",
"TITLE": "inn: non-root owned files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "inn",
"version_value": "2.6.2-lp152.1.26"
}
]
}
},
{
"product_name": "openSUSE Tumbleweed",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "inn",
"version_value": "2.6.2-4.2"
}
]
}
},
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "inn",
"version_value": "2.5.4-lp151.3.3.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner/Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
},
{
"name": "openSUSE-SU-2020:1271",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
},
{
"name": "openSUSE-SU-2020:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
},
{
"name": "openSUSE-SU-2020:1304",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
},
{
"name": "openSUSE-SU-2020:1427",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
"defect": [
"1172573"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8026",
"datePublished": "2020-08-07T09:25:13.939Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:41.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8346 (GCVE-0-2020-8346)
Vulnerability from cvelistv5 – Published: 2020-09-15 14:20 – Updated: 2024-09-17 04:18
VLAI
Summary
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
Severity
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | System Interface Foundation |
Affected:
unspecified , < 1.1.19.5
(custom)
|
Date Public
2020-09-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-38717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System Interface Foundation",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.1.19.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Samet Bekmezci for reporting this issue."
}
],
"datePublic": "2020-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T14:20:18.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-38717"
}
],
"solutions": [
{
"lang": "en",
"value": "To update Lenovo System Interface Foundation to version 1.1.19.5 or later, follow these steps: Update Lenovo Vantage to the latest version from the Microsoft Store. Re-launch Lenovo Vantage to complete the update."
}
],
"source": {
"advisory": "LEN-38717",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-09-15T16:00:00.000Z",
"ID": "CVE-2020-8346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Interface Foundation",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.1.19.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Samet Bekmezci for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-38717",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-38717"
}
]
},
"solution": [
{
"lang": "en",
"value": "To update Lenovo System Interface Foundation to version 1.1.19.5 or later, follow these steps: Update Lenovo Vantage to the latest version from the Microsoft Store. Re-launch Lenovo Vantage to complete the update."
}
],
"source": {
"advisory": "LEN-38717",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8346",
"datePublished": "2020-09-15T14:20:18.491Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:18:52.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8357 (GCVE-0-2020-8357)
Vulnerability from cvelistv5 – Published: 2021-03-09 16:15 – Updated: 2024-08-04 09:56
VLAI
Summary
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
Severity
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://iknow.lenovo.com.cn/detail/dc_195029.html | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_195029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCManager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.0.200.2042",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks She ZhenHua for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-09T16:15:20.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_195029.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo PCManager version 3.0.200.2042 (or later)."
}
],
"source": {
"advisory": "LEN-51601",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2020-8357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.200.2042"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks She ZhenHua for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_195029.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_195029.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo PCManager version 3.0.200.2042 (or later)."
}
],
"source": {
"advisory": "LEN-51601",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8357",
"datePublished": "2021-03-09T16:15:20.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:28.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8903 (GCVE-0-2020-8903)
Vulnerability from cvelistv5 – Published: 2020-06-22 13:45 – Updated: 2024-08-04 10:12
VLAI
Title
Priviged Escalation in Google Cloud Platform's Guest-OSLogin
Summary
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
Severity
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/GoogleCloudPlatform/guest-oslo… | x_refsource_CONFIRM |
| https://gitlab.com/gitlab-com/gl-security/gl-redt… | x_refsource_MISC |
| https://cloud.google.com/support/bulletins/#gcp-2… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | guest-oslogin |
Affected:
20190304 , < 20200507
(date)
Unaffected: 20200507 (date) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "guest-oslogin",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "20200507",
"status": "affected",
"version": "20190304",
"versionType": "date"
},
{
"status": "unaffected",
"version": "20200507",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Moberly"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \u0026quot;roles/compute.osLogin\u0026quot; to escalate privileges to root. Using their membership to the \u0026quot;adm\u0026quot; group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \u0026quot;adm\u0026quot; user from the OS Login entry.\u003c/p\u003e"
}
],
"value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership to the \"adm\" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"adm\" user from the OS Login entry."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T05:04:01.916Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8903",
"STATE": "PUBLIC",
"TITLE": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "guest-oslogin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "stable",
"version_value": "20190304"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Moberly"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership to the \"adm\" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"adm\" user from the OS Login entry."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29",
"refsource": "CONFIRM",
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"name": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"name": "https://cloud.google.com/support/bulletins/#gcp-2020-008",
"refsource": "MISC",
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8903",
"datePublished": "2020-06-22T13:45:25.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:11.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8907 (GCVE-0-2020-8907)
Vulnerability from cvelistv5 – Published: 2020-06-22 13:45 – Updated: 2024-08-04 10:12
VLAI
Title
Priviged Escalation in Google Cloud Platform's Guest-OSLogin
Summary
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
Severity
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/GoogleCloudPlatform/guest-oslo… | x_refsource_CONFIRM |
| https://gitlab.com/gitlab-com/gl-security/gl-redt… | x_refsource_MISC |
| https://cloud.google.com/support/bulletins/#gcp-2… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | guest-oslogin |
Affected:
20190304 , < 20200507
(date)
Unaffected: 20200507 (date) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-8907",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T14:20:02.577894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:14.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "guest-oslogin",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "20200507",
"status": "affected",
"version": "20190304",
"versionType": "date"
},
{
"status": "unaffected",
"version": "20200507",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Moberly"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \u0026quot;roles/compute.osLogin\u0026quot; to escalate privileges to root. Using their membership to the \u0026quot;docker\u0026quot; group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \u0026quot;docker\u0026quot; user from the OS Login entry.\u003c/p\u003e"
}
],
"value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership to the \"docker\" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"docker\" user from the OS Login entry."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T05:01:40.209Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8907",
"STATE": "PUBLIC",
"TITLE": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "guest-oslogin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "stable",
"version_value": "20190304"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Moberly"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership to the \"docker\" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"docker\" user from the OS Login entry."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29",
"refsource": "CONFIRM",
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"name": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"name": "https://cloud.google.com/support/bulletins/#gcp-2020-008",
"refsource": "MISC",
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8907",
"datePublished": "2020-06-22T13:45:25.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8933 (GCVE-0-2020-8933)
Vulnerability from cvelistv5 – Published: 2020-06-22 13:45 – Updated: 2024-08-04 10:12
VLAI
Title
Priviged Escalation in Google Cloud Platform's Guest-OSLogin
Summary
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.
Severity
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/GoogleCloudPlatform/guest-oslo… | x_refsource_CONFIRM |
| https://gitlab.com/gitlab-com/gl-security/gl-redt… | x_refsource_MISC |
| https://cloud.google.com/support/bulletins/#gcp-2… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | guest-oslogin |
Affected:
20190304 , < 20200507
(date)
Unaffected: 20200507 (date) |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:guest-oslogin:20190304.00:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "guest-oslogin",
"vendor": "google",
"versions": [
{
"lessThan": "20200507",
"status": "affected",
"version": "20190304.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-8933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:05:29.396344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:15.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "guest-oslogin",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "20200507",
"status": "affected",
"version": "20190304",
"versionType": "date"
},
{
"status": "unaffected",
"version": "20200507",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chris Moberly"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \u0026quot;roles/compute.osLogin\u0026quot; to escalate privileges to root. Using the membership to the \u0026quot;lxd\u0026quot; group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \u0026quot;lxd\u0026quot; user from the OS Login entry.\u003c/p\u003e"
}
],
"value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using the membership to the \"lxd\" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"lxd\" user from the OS Login entry."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T04:58:16.111Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8933",
"STATE": "PUBLIC",
"TITLE": "Priviged Escalation in Google Cloud Platform\u0027s Guest-OSLogin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "guest-oslogin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "stable",
"version_value": "20190304"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Moberly"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Google Cloud Platform\u0027s guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using the membership to the \"lxd\" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"lxd\" user from the OS Login entry."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29",
"refsource": "CONFIRM",
"url": "https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"
},
{
"name": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"
},
{
"name": "https://cloud.google.com/support/bulletins/#gcp-2020-008",
"refsource": "MISC",
"url": "https://cloud.google.com/support/bulletins/#gcp-2020-008"
},
{
"name": "openSUSE-SU-2020:0996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html"
},
{
"name": "openSUSE-SU-2020:1014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8933",
"datePublished": "2020-06-22T13:45:26.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0235 (GCVE-0-2021-0235)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 02:36
VLAI
Title
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks
Summary
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1.
Severity
7.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11130 | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.3R1 , < 18.3*
(custom)
|
|
| Juniper Networks | Junos OS |
Affected:
18.4R1 , < 18.4*
(custom)
Affected: 19.1R1 , < 19.1* (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S2 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
20.1 , < 20.1R2, 20.1R3
(custom)
Affected: 20.2 , < 20.2R2-S1, 20.2R3 (custom) Affected: 20.3 , < 20.3R1-S2, 20.3R2 (custom) Affected: 20.4 , < 20.4R1, 20.4R2 (custom) |
|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 18.3R1
(custom)
|
Date Public
2021-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:09.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3*",
"status": "affected",
"version": "18.3R1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4*",
"status": "affected",
"version": "18.4R1",
"versionType": "custom"
},
{
"lessThan": "19.1*",
"status": "affected",
"version": "19.1R1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R2, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S1, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R1, 20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:02.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11130"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11130",
"defect": [
"1537491"
],
"discovery": "USER"
},
"title": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0235",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2",
"version_affected": "\u003e=",
"version_name": "18.3",
"version_value": "18.3R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003e=",
"version_name": "18.4",
"version_value": "18.4R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003e=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2, 20.1R3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S1, 20.2R3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R1, 20.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11130",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11130"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11130",
"defect": [
"1537491"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0235",
"datePublished": "2021-04-22T19:37:02.659Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:36:59.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0246 (GCVE-0-2021-0246)
Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 00:11
VLAI
Title
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3: In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network impacting other tenant networks or gather information from other networks.
Summary
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1.
Severity
7.3 (High)
CWE
- Jailbreak
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11139 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 18.3R1
(custom)
Affected: 18.4 , < 18.4R2 (custom) Affected: 19.1 , < 19.1R2 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
18.3R1 , < 18.3*
(custom)
|
Date Public
2021-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "18.3R3",
"status": "unaffected"
}
],
"lessThan": "18.3*",
"status": "affected",
"version": "18.3R1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Only one tenant configuration and login class must be enabled for this issue to be seen between the tenant and root or multiple tenants, for example: \n system login class \"tenant class\" tenant \"tenant\" \n system login user \"user\" uid \"id\"\n system login user \"user\" class \"tenant class\"\n tenants \"tenant\" interfaces \n tenants \"tenant\" routing-instances\n system security-profile \"tenant profile\" policy maximum \"number\"\n system security-profile \"tenant profile\" zone maximum \"number\"\n system security-profile \"tenant profile\" tenant \"tenant\"\n tenants \"tenant\" security policies default-policy deny-all"
}
],
"datePublic": "2021-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Jailbreak",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:10.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11139"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 18.3R3, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11139",
"defect": [
"1422058"
],
"discovery": "USER"
},
"title": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3: In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network impacting other tenant networks or gather information from other networks.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0246",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3: In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network impacting other tenant networks or gather information from other networks."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "!\u003c",
"version_value": "18.3R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2",
"version_affected": "\u003e=",
"version_name": "18.3",
"version_value": "18.3R1"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Only one tenant configuration and login class must be enabled for this issue to be seen between the tenant and root or multiple tenants, for example: \n system login class \"tenant class\" tenant \"tenant\" \n system login user \"user\" uid \"id\"\n system login user \"user\" class \"tenant class\"\n tenants \"tenant\" interfaces \n tenants \"tenant\" routing-instances\n system security-profile \"tenant profile\" policy maximum \"number\"\n system security-profile \"tenant profile\" zone maximum \"number\"\n system security-profile \"tenant profile\" tenant \"tenant\"\n tenants \"tenant\" security policies default-policy deny-all"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Jailbreak"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11139",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11139"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 18.3R3, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11139",
"defect": [
"1422058"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0246",
"datePublished": "2021-04-22T19:37:10.090Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:27.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.