VDB

CVE-2020-14004

CVE-2020-14004 PUBLISHED

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.

EPSS 0.22% · 45.2th percentile

Risk Scores

EPSS Score
0.22%
45.2th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSicinga22.7.0-1, 2.8.1-0ubuntu2, 0
Ubuntu:22.04:LTSicinga22.13.2-1build2, 0, 2.13.2-1
Ubuntu:16.04:LTSicinga22.4.1-2, 0, 2.4.1-2ubuntu1
Ubuntu:20.04:LTSicinga22.11.2-1ubuntu3, 2.11.2-1ubuntu1, 2.11.2-1ubuntu2
Ubuntu:25.10icinga22.15.0-1, 0, 2.14.5-1
Ubuntu:24.04:LTSicinga22.14.1-1, 2.13.8-1, 0

Exploit Intelligence

Timeline

  • Jun 12, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›