Vulnerability Name:

CVE-2020-8028

Assigned:2020-09-17
Published:2020-09-17
Updated:2020-09-28
Summary:A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.
CVSS v3 Severity:9.3 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-284
References:Source: MITRE
Type: CNA
CVE-2020-8028

Source: CONFIRM
Type: Exploit, Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1175884

Vulnerable Configuration:Configuration 1:
  • cpe:/a:suse:salt-netapi-client:*:*:*:*:*:*:*:* (Version < 0.17.0-3.3.2)
  • AND
  • cpe:/a:suse:manager_server:4.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:suse:salt-netapi-client:*:*:*:*:*:*:*:* (Version < 0.16.0-4.14.1)
  • AND
  • cpe:/a:suse:manager_server:3.2:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:suse:salt-netapi-client:*:*:*:*:*:*:*:* (Version < 0.17.0-4.6.3)
  • AND
  • cpe:/a:suse:manager_server:4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2020-8028 (CCN-188520)

    Assigned:2020-09-17
    Published:2020-09-17
    Updated:2020-09-28
    Summary:A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.
    CVSS v3 Severity:9.3 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    8.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    8.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Type:CWE-284
    Vulnerability Consequences:Gain Privileges
    References:Source: MITRE
    Type: CNA
    CVE-2020-8028

    Source: CCN
    Type: Bugzilla - Bug 1175884
    (CVE-2020-8028) VUL-0: CVE-2020-8028: salt: salt-api is accessible to every user on SUSE Manager Server

    Source: CONFIRM
    Type: Exploit, Issue Tracking, Vendor Advisory
    https://bugzilla.suse.com/show_bug.cgi?id=1175884

    Source: XF
    Type: UNKNOWN
    suse-cve20208028-priv-esc(188520)

    Source: CCN
    Type: SUSE Web site
    SUSE Linux Enterprise Module for SUSE Manager products

    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20208028
    V
    		CVE-2020-8028
    2022-05-22
    oval:org.opensuse.security:def:67346
    P
    		Security update for glib-networking (Important)
    2021-12-06
    oval:org.opensuse.security:def:65997
    P
    		Security update for postgresql10 and postgresql12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67445
    P
    		Security update for for SUSE Manager 4.1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:66089
    P
    		Security update for SUSE Manager Server 4.0 (Important)
    2020-12-01
    oval:org.opensuse.security:def:91684
    P
    		Security update for SUSE Manager Server 4.0 (Important)
    2020-09-16
    oval:org.opensuse.security:def:95972
    P
    		Security update for for SUSE Manager 4.1 (Important)
    2020-09-16
    BACK
    suse salt-netapi-client *
    suse manager server 4.1
    suse salt-netapi-client *
    suse manager server 3.2
    suse salt-netapi-client *
    suse manager server 4.0