CVE-2020-8018
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 SP1 | SLES15-SP1-CAP-Deployment-BYOS <= 1.0.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP1 | SLES15-SP1-CHOST-BYOS <= 1.0.3 | affected |
Weaknesses
- CWE-276: CWE-276: Incorrect Default Permissions
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.