Vulnerability CVE-2020-8026

Vulnerability Name:

CVE-2020-8026 (CCN-186408)

Assigned:

2020-07-27

Published:

2020-07-27

Updated:

2023-01-24

Summary:

CVSS v3 Severity:

8.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.4 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.4 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-8026

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Source: CCN
Type: Bugzilla - Bug 1172573
(CVE-2020-8026) VUL-0: CVE-2020-8026: inn: non-root owned files

Source: meissner@suse.de
Type: Issue Tracking, Vendor Advisory
meissner@suse.de

Source: XF
Type: UNKNOWN
opensuse-cve20208026-priv-esc(186408)

Source: CCN
Type: openSUSE Web site
inn package for openSUSE

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20208026	V	CVE-2020-8026	2022-05-22
oval:org.opensuse.security:def:64795	P	Security update for libvirt (Moderate)	2021-11-05
oval:org.opensuse.security:def:64586	P	Security update for systemd (Moderate)	2021-10-12
oval:org.opensuse.security:def:64585	P	Security update for libcryptopp (Moderate)	2021-10-06
oval:org.opensuse.security:def:63446	P	perl-32bit-5.26.1-7.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62827	P	python3-cupshelpers-1.5.7-6.27 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63045	P	velocity-1.7-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63038	P	perl-doc-5.26.1-15.87 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63042	P	python39-tools-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63541	P	icedtea-web-1.7.1-1.48 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64693	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:64495	P	Security update for the Linux Kernel (Important)	2021-05-12
oval:org.opensuse.security:def:63070	P	java-10-openjdk-10.0.2.0-3.3.3 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:64449	P	Security update for clamav (Moderate)	2020-12-14
oval:org.opensuse.security:def:62627	P	flatpak-1.6.3-2.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62626	P	firewall-applet-0.5.5-4.24.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63308	P	uuidd-2.33.1-4.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63248	P	389-ds-1.4.3.9~git0.3eb8617f6-1.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62650	P	libQt5OpenGLExtensions-devel-static-5.12.7-2.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63106	P	python3-paramiko-2.4.1-1.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:74907	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64341	P	libjson-c-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63999	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:63891	P	Security update for bash (Important)	2020-12-01
oval:org.opensuse.security:def:74561	P	Security update for inn (Moderate)	2020-12-01
oval:org.opensuse.security:def:64965	P	Security update for mariadb-connector-c (Important)	2020-12-01
oval:org.opensuse.security:def:64239	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63672	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:75040	P	Security update for inn (Moderate)	2020-12-01
oval:org.opensuse.security:def:64383	P	libsndfile-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64133	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:63744	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:74435	P	Security update for docker-runc (Moderate)	2020-12-01
oval:org.opensuse.security:def:64120	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:64853	P	Security update for polkit (Important)	2020-12-01
oval:org.opensuse.security:def:96354	P	Security update for inn (Moderate)	2020-09-14
oval:org.opensuse.security:def:109701	P	Security update for inn (Moderate)	2020-09-14
oval:org.opensuse.security:def:103044	P	Security update for inn (Moderate)	2020-09-14
oval:org.opensuse.security:def:100220	P	Security update for inn (Moderate)	2020-08-31
oval:org.opensuse.security:def:93507	P	Security update for inn (Moderate)	2020-08-31
oval:org.opensuse.security:def:110735	P	Security update for inn (Moderate)	2020-08-27
oval:org.opensuse.security:def:110185	P	Security update for inn (Moderate)	2020-08-27

BACK