CVE-2020-8013 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-8013 PUBLISHED CVSS 2.200000047683716 LOW

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

EPSS 0.05% · 16.4th percentile

Risk Scores

CVSS v3.1

2.200000047683716

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS Score

0.05%

16.4th percentile

Affected Products

Vendor	Product	Versions
SUSE	SUSE Linux Enterprise Server 15	permissions
opensuse	leap	15.1
suse	linux_enterprise_server	11, 12, 15
SUSE	SUSE Linux Enterprise Server 12	permissions
SUSE	SUSE Linux Enterprise Server 11	permissions

Timeline

Mar 2, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

openSUSE-SU-2020:0302 vendor-advisory
https://bugzilla.suse.com/show_bug.cgi?id=1163922 url
https://nvd.nist.gov/vuln/detail/CVE-2020-8013 advisory

Open in Interactive Console →