Lucene search

SuseCVELIST:CVE-2020-8030

HistoryFeb 11, 2021 - 4:00 p.m.

CVE-2020-8030 skuba: Insecure /tmp usage when joining node to cluster

2021-02-1116:00:21

CWE-377

suse

www.cve.org

cve-2020-8030

skuba

suse caas platform 4.5

insecure temporary file

local attackers

bootstraptoken

configuration file

arbitrary modifications

CVSS3

3.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

CNA Affected

[
  {
    "product": "SUSE CaaS Platform 4.5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.1.7",
        "status": "affected",
        "version": "suba",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1177361

CVSS3

3.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-8030