VDB
CVE-2020-8024
CVE-2020-8024
PUBLISHED
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.
EPSS 0.16% · 36.0th percentile
Risk Scores
EPSS Score
0.16%
36.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | hylafax | 3:6.0.6-6+deb8u1build0.16.04.1, 0, 3:6.0.6-6 |
| Ubuntu:24.04:LTS | hylafax | 3:6.0.7-7, 0, 3:6.0.7-5build1 |
| Ubuntu:25.10 | hylafax | 0, *, 3:6.0.7-11.1 |
| Ubuntu:20.04:LTS | hylafax | 3:6.0.6-8.1build1, 0 |
| Ubuntu:18.04:LTS | hylafax | 3:6.0.6-8, 3:6.0.6-8.1~ubuntu0.18.04.1, 0 |
| Ubuntu:22.04:LTS | hylafax | *, 0 |
Exploit Intelligence
Timeline
- Jun 29, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8024 third-party-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1172731 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8024 third-party-advisory