CVE-2020-8016
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
EPSS 0.09% · 26.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| opensuse | texlive-filesystem | 0, 0, 0 |
| SUSE | SUSE Linux Enterprise Software Development Kit 12-SP5 | texlive-filesystem |
| openSUSE | openSUSE Leap 15.1 | texlive-filesystem |
| SUSE | SUSE Linux Enterprise Module for Desktop Applications 15-SP1 | texlive-filesystem |
| SUSE | SUSE Linux Enterprise Software Development Kit 12-SP4 | texlive-filesystem |
Exploit Intelligence
- https://bugzilla.suse.com/show_bug.cgi?id=1159740 (nist-nvd)
- openSUSE-SU-2020:0804 (circl)
Timeline
- Apr 2, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- openSUSE-SU-2020:0804 vendor-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1159740 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-8016 advisory