
    6 vulnerabilities found for openSUSE Tumbleweed by openSUSE

    CVE-2020-8026 (GCVE-0-2020-8026)

    Vulnerability from nvd – Published: 2020-08-07 09:25 – Updated: 2024-09-16 16:57
    VLAI
    Title
    inn: non-root owned files
    Summary
    An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    openSUSE openSUSE Leap 15.2 Affected: inn , ≤ 2.6.2-lp152.1.26 (custom)
    openSUSE openSUSE Tumbleweed Affected: inn , ≤ 2.6.2-4.2 (custom)
    openSUSE openSUSE Leap 15.1 Affected: inn , ≤ 2.5.4-lp151.3.3.1 (custom)
    Date Public
    2020-07-24 00:00
    Credits
    Matthias Gerstner/Johannes Segitz of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:24.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
              },
              {
                "name": "openSUSE-SU-2020:1271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
              },
              {
                "name": "openSUSE-SU-2020:1272",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
              },
              {
                "name": "openSUSE-SU-2020:1304",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
              },
              {
                "name": "openSUSE-SU-2020:1427",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openSUSE Leap 15.2",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.2-lp152.1.26",
                  "status": "affected",
                  "version": "inn",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Tumbleweed",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.2-4.2",
                  "status": "affected",
                  "version": "inn",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.4-lp151.3.3.1",
                  "status": "affected",
                  "version": "inn",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner/Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2020-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-18T17:06:35.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
            },
            {
              "name": "openSUSE-SU-2020:1271",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2020:1272",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
            },
            {
              "name": "openSUSE-SU-2020:1304",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
            },
            {
              "name": "openSUSE-SU-2020:1427",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
            "defect": [
              "1172573"
            ],
            "discovery": "INTERNAL"
          },
          "title": "inn: non-root owned files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-07-24T00:00:00.000Z",
              "ID": "CVE-2020-8026",
              "STATE": "PUBLIC",
              "TITLE": "inn: non-root owned files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "inn",
                                "version_value": "2.6.2-lp152.1.26"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Tumbleweed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "inn",
                                "version_value": "2.6.2-4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "inn",
                                "version_value": "2.5.4-lp151.3.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Matthias Gerstner/Johannes Segitz of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276: Incorrect Default Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
                },
                {
                  "name": "openSUSE-SU-2020:1271",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
                },
                {
                  "name": "openSUSE-SU-2020:1272",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
                },
                {
                  "name": "openSUSE-SU-2020:1304",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
                },
                {
                  "name": "openSUSE-SU-2020:1427",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
              "defect": [
                "1172573"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8026",
        "datePublished": "2020-08-07T09:25:13.939Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:57:41.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8025 (GCVE-0-2020-8025)

    Vulnerability from nvd – Published: 2020-08-07 10:10 – Updated: 2024-09-16 19:09
    VLAI
    Title
    outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues
    Summary
    An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.
    CWE
    • CWE-279 - Incorrect Execution-Assigned Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Server 12-SP4 Affected: permissions , < 20170707-3.24.1 (custom)
    SUSE SUSE Linux Enterprise Server 15-LTSS Affected: permissions , < 20180125-3.27.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP 15 Affected: permissions , < 20180125-3.27.1 (custom)
    openSUSE openSUSE Leap 15.1 Affected: permissions , < 20181116-lp151.4.24.1 (custom)
    openSUSE openSUSE Tumbleweed Affected: permissions , < 20200624 (custom)
    Date Public
    2020-07-06 00:00
    Credits
    Matthias Gerstner of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Server 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20170707-3.24.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20180125-3.27.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20180125-3.27.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20181116-lp151.4.24.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Tumbleweed",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20200624",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2020-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-279",
                  "description": "CWE-279: Incorrect Execution-Assigned Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-07T10:10:14.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1171883",
            "defect": [
              "1171883"
            ],
            "discovery": "INTERNAL"
          },
          "title": "outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-07-06T00:00:00.000Z",
              "ID": "CVE-2020-8025",
              "STATE": "PUBLIC",
              "TITLE": "outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise Server 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20170707-3.24.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20180125-3.27.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server for SAP 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20180125-3.27.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20181116-lp151.4.24.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Tumbleweed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20200624"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Matthias Gerstner of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-279: Incorrect Execution-Assigned Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1171883",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1171883",
              "defect": [
                "1171883"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8025",
        "datePublished": "2020-08-07T10:10:14.243Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:09:19.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8014 (GCVE-0-2020-8014)

    Vulnerability from nvd – Published: 2020-06-29 12:00 – Updated: 2024-09-17 03:13
    VLAI
    Title
    kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage
    Summary
    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.
    CWE
    • CWE-61 - UNIX Symbolic Link (Symlink) Following
    Assigner
    References
    Impacted products
    Vendor Product Version
    openSUSE openSUSE Leap 15.1 Affected: kopano-spamd , < 10.0.5-lp151.4.1 (custom)
    openSUSE openSUSE Tumbleweed Affected: kopano-spamd , < 10.0.5-1.1 (custom)
    Date Public
    2020-05-19 00:00
    Credits
    Johannes Segitz of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "10.0.5-lp151.4.1",
                  "status": "affected",
                  "version": "kopano-spamd",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Tumbleweed",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "10.0.5-1.1",
                  "status": "affected",
                  "version": "kopano-spamd",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2020-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-29T12:00:22.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
            "defect": [
              "1164131"
            ],
            "discovery": "INTERNAL"
          },
          "title": "kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-05-19T00:00:00.000Z",
              "ID": "CVE-2020-8014",
              "STATE": "PUBLIC",
              "TITLE": "kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "kopano-spamd",
                                "version_value": "10.0.5-lp151.4.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Tumbleweed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "kopano-spamd",
                                "version_value": "10.0.5-1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Johannes Segitz of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
              "defect": [
                "1164131"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8014",
        "datePublished": "2020-06-29T12:00:23.054Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:57.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8025 (GCVE-0-2020-8025)

    Vulnerability from cvelistv5 – Published: 2020-08-07 10:10 – Updated: 2024-09-16 19:09
    VLAI
    Title
    outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues
    Summary
    An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, openSUSE Leap 15.1, and openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.
    CWE
    • CWE-279 - Incorrect Execution-Assigned Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Server 12-SP4 Affected: permissions , < 20170707-3.24.1 (custom)
    SUSE SUSE Linux Enterprise Server 15-LTSS Affected: permissions , < 20180125-3.27.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP 15 Affected: permissions , < 20180125-3.27.1 (custom)
    openSUSE openSUSE Leap 15.1 Affected: permissions , < 20181116-lp151.4.24.1 (custom)
    openSUSE openSUSE Tumbleweed Affected: permissions , < 20200624 (custom)
    Date Public
    2020-07-06 00:00
    Credits
    Matthias Gerstner of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Server 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20170707-3.24.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20180125-3.27.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20180125-3.27.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20181116-lp151.4.24.1",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Tumbleweed",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20200624",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2020-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-279",
                  "description": "CWE-279: Incorrect Execution-Assigned Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-07T10:10:14.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1171883",
            "defect": [
              "1171883"
            ],
            "discovery": "INTERNAL"
          },
          "title": "outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-07-06T00:00:00.000Z",
              "ID": "CVE-2020-8025",
              "STATE": "PUBLIC",
              "TITLE": "outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise Server 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20170707-3.24.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20180125-3.27.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server for SAP 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20180125-3.27.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20181116-lp151.4.24.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Tumbleweed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "permissions",
                                "version_value": "20200624"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Matthias Gerstner of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-279: Incorrect Execution-Assigned Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1171883",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171883"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1171883",
              "defect": [
                "1171883"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8025",
        "datePublished": "2020-08-07T10:10:14.243Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:09:19.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8026 (GCVE-0-2020-8026)

    Vulnerability from cvelistv5 – Published: 2020-08-07 09:25 – Updated: 2024-09-16 16:57
    VLAI
    Title
    inn: non-root owned files
    Summary
    An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, and openSUSE Leap 15.1 allows local attackers with control of the new user (likely meaning the news account that inn runs as) to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    openSUSE openSUSE Leap 15.2 Affected: inn , ≤ 2.6.2-lp152.1.26 (custom)
    openSUSE openSUSE Tumbleweed Affected: inn , ≤ 2.6.2-4.2 (custom)
    openSUSE openSUSE Leap 15.1 Affected: inn , ≤ 2.5.4-lp151.3.3.1 (custom)
    Date Public
    2020-07-24 00:00
    Credits
    Matthias Gerstner/Johannes Segitz of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:24.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
              },
              {
                "name": "openSUSE-SU-2020:1271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
              },
              {
                "name": "openSUSE-SU-2020:1272",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
              },
              {
                "name": "openSUSE-SU-2020:1304",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
              },
              {
                "name": "openSUSE-SU-2020:1427",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openSUSE Leap 15.2",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.2-lp152.1.26",
                  "status": "affected",
                  "version": "inn",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Tumbleweed",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.2-4.2",
                  "status": "affected",
                  "version": "inn",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.4-lp151.3.3.1",
                  "status": "affected",
                  "version": "inn",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner/Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2020-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-18T17:06:35.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
            },
            {
              "name": "openSUSE-SU-2020:1271",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2020:1272",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
            },
            {
              "name": "openSUSE-SU-2020:1304",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
            },
            {
              "name": "openSUSE-SU-2020:1427",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
            "defect": [
              "1172573"
            ],
            "discovery": "INTERNAL"
          },
          "title": "inn: non-root owned files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-07-24T00:00:00.000Z",
              "ID": "CVE-2020-8026",
              "STATE": "PUBLIC",
              "TITLE": "inn: non-root owned files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "inn",
                                "version_value": "2.6.2-lp152.1.26"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Tumbleweed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "inn",
                                "version_value": "2.6.2-4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "inn",
                                "version_value": "2.5.4-lp151.3.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Matthias Gerstner/Johannes Segitz of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276: Incorrect Default Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1172573"
                },
                {
                  "name": "openSUSE-SU-2020:1271",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html"
                },
                {
                  "name": "openSUSE-SU-2020:1272",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html"
                },
                {
                  "name": "openSUSE-SU-2020:1304",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html"
                },
                {
                  "name": "openSUSE-SU-2020:1427",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172573",
              "defect": [
                "1172573"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8026",
        "datePublished": "2020-08-07T09:25:13.939Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:57:41.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8014 (GCVE-0-2020-8014)

    Vulnerability from cvelistv5 – Published: 2020-06-29 12:00 – Updated: 2024-09-17 03:13
    VLAI
    Title
    kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage
    Summary
    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd in openSUSE Leap 15.1 and openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1; openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.
    CWE
    • CWE-61 - UNIX Symbolic Link (Symlink) Following
    Assigner
    References
    Impacted products
    Vendor Product Version
    openSUSE openSUSE Leap 15.1 Affected: kopano-spamd , < 10.0.5-lp151.4.1 (custom)
    openSUSE openSUSE Tumbleweed Affected: kopano-spamd , < 10.0.5-1.1 (custom)
    Date Public
    2020-05-19 00:00
    Credits
    Johannes Segitz of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "10.0.5-lp151.4.1",
                  "status": "affected",
                  "version": "kopano-spamd",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Tumbleweed",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "10.0.5-1.1",
                  "status": "affected",
                  "version": "kopano-spamd",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2020-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-29T12:00:22.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
            "defect": [
              "1164131"
            ],
            "discovery": "INTERNAL"
          },
          "title": "kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-05-19T00:00:00.000Z",
              "ID": "CVE-2020-8014",
              "STATE": "PUBLIC",
              "TITLE": "kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "kopano-spamd",
                                "version_value": "10.0.5-lp151.4.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Tumbleweed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "kopano-spamd",
                                "version_value": "10.0.5-1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Johannes Segitz of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
              "defect": [
                "1164131"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8014",
        "datePublished": "2020-06-29T12:00:23.054Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:57.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }