Unrated severity · NVD Advisory · Published Jun 12, 2020 · Updated Aug 4, 2024
CVE-2020-14004
Description
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
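The behaviour described above, reproduced inside a throwaway directory as an added example (not code from Icinga2 or from this advisory). `prepare_unsafe` mirrors the `chmod 2750` call; `prepare_checked` is a hypothetical hardened variant, and every path and function name below is constructed.

```shell
#!/bin/sh
# Constructed sandbox: everything lives under a mktemp directory; /run is never touched.

# Octal mode of a path (GNU stat; does not dereference symlinks).
mode_of() { stat -c '%a' "$1"; }

# Behaviour from the advisory: chmod(1) dereferences a symlink named on the command line.
prepare_unsafe() {
    chmod 2750 "$1"
}

# Hypothetical hardened variant (an assumption, not the upstream fix):
# refuse anything that is a symlink or not a real directory.
# Check-then-chmod can still race; the robust fix is for a privileged
# process not to operate on paths inside a directory an unprivileged user controls.
prepare_checked() {
    if [ -L "$1" ] || [ ! -d "$1" ]; then
        echo "refusing: $1 is a symlink or not a directory" >&2
        return 1
    fi
    chmod 2750 "$1"
}

# Prints: "<prepare_checked exit code> <file mode after checked> <file mode after unsafe>"
demo() {
    sandbox=$(mktemp -d) || return 2
    rundir="$sandbox/run/icinga2"          # stands in for /run/icinga2
    mkdir -p "$rundir"
    victim="$sandbox/victim.conf"          # stands in for an unrelated file
    : > "$victim"
    chmod 600 "$victim"
    ln -s "$victim" "$rundir/cmd"          # cmd is a symlink instead of a directory

    if prepare_checked "$rundir/cmd" 2>/dev/null; then checked_rc=0; else checked_rc=$?; fi
    after_checked=$(mode_of "$victim")     # still 600: the check refused
    prepare_unsafe "$rundir/cmd"
    after_unsafe=$(mode_of "$victim")      # mode of the link target has changed
    rm -rf "$sandbox"
    echo "$checked_rc $after_checked $after_unsafe"
}

demo
```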
Affected products
- Icinga2/Icinga2
- osv-coords (6 versions):
  - pkg:rpm/opensuse/icinga2&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/icinga2&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/icinga2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/icinga2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012
  - pkg:rpm/suse/icinga2&distro=SUSE%20Package%20Hub%2015%20SP1
  - pkg:rpm/suse/icinga2&distro=SUSE%20Package%20Hub%2015%20SP2
- (no CPE) range: < 2.12.1-bp152.4.3.1
- (no CPE) range: < 2.12.1-bp152.4.3.1
- (no CPE) range: < 2.13.1-1.3
- (no CPE) range: < 2.8.2-3.6.1
- (no CPE) range: < 2.12.1-bp152.4.3.1
- (no CPE) range: < 2.12.1-bp152.4.3.1
References
- lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html (mitre, vendor-advisory, x_refsource_SUSE)
- www.openwall.com/lists/oss-security/2020/06/12/1 (mitre, x_refsource_CONFIRM)
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_MISC)
- github.com/Icinga/icinga2/compare/v2.12.0-rc1...master (mitre, x_refsource_MISC)
- github.com/Icinga/icinga2/pull/8045/commits/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 (mitre, x_refsource_MISC)
- github.com/Icinga/icinga2/releases (mitre, x_refsource_MISC)