CVE-2020-8017
A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
EPSS 0.02% · 6.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux Enterprise Module for Desktop Applications 15-SP1 | * |
| openSUSE | openSUSE Leap 15.1 | texlive-filesystem |
| SUSE | SUSE Linux Enterprise Software Development Kit 12-SP5 | texlive-filesystem |
| opensuse | leap | 15.1 |
| SUSE | SUSE Linux Enterprise Software Development Kit 12-SP4 | texlive-filesystem |
| opensuse | texlive-filesystem | 0, 0, 0 |
Exploit Intelligence
Timeline
- Apr 2, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- openSUSE-SU-2020:0804 vendor-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1158910 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-8017 advisory