CVE-2020-8026— inn: non-root owned files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-8026
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
inn: non-root owned files
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
SUSE openSUSE inn 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
openSUSE是德国SUSE公司的一套基于Linux的自由操作系统与开源社区项目。 SUSE openSUSE中的inn存在安全漏洞。本地攻击者可利用该漏洞将权限提升至root。以下产品及版本受到影响:openSUSE Leap 15.2版本(inn 2.6.2-lp152.1.26及之前版本),openSUSE Leap 15.1版本(inn 2.5.4-lp151.3.3.1及之前版本),openSUSE Tumbleweed(inn 2.6.2-4.2及之前版本)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| openSUSE | openSUSE Leap 15.2 | inn ~ 2.6.2-lp152.1.26 | - | |
| openSUSE | openSUSE Tumbleweed | inn ~ 2.6.2-4.2 | - | |
| openSUSE | openSUSE Leap 15.1 | inn ~ 2.5.4-lp151.3.3.1 | - |
II. Public POCs for CVE-2020-8026
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-8026
请登录查看更多情报信息。
- https://bugzilla.suse.com/show_bug.cgi?id=1172573x_refsource_CONFIRM
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.htmlvendor-advisoryx_refsource_SUSE
- https://nvd.nist.gov/vuln/detail/CVE-2020-8026
IV. Related Vulnerabilities
Same vendor: openSUSE
V. Comments for CVE-2020-8026
No comments yet