Lucene search

[email protected]NVD:CVE-2020-8030

HistoryFeb 11, 2021 - 4:15 p.m.

CVE-2020-8030

2021-02-1116:15:12

CWE-377

[email protected]

web.nvd.nist.gov

insecure temporary file

skuba

suse caas platform 4.5

leakage

bootstraptoken

arbitrary modifications

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

5.1%

JSON

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

Affected configurations

Nvd

Node

susecaas_platformMatch4.5

VendorProductVersionCPE
susecaas_platform4.5cpe:2.3:a:suse:caas_platform:4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
suse	caas_platform	4.5	cpe:2.3:a:suse:caas_platform:4.5:::::::*

References

bugzilla.suse.com/show_bug.cgi?id=1177361

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2020-8030

prion1 cvelist1 cve1