Unrated severityNVD Advisory· Published May 26, 2021· Updated Aug 4, 2024

CVE-2020-25697

Description

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.

Affected products

Xorg/Xorg-x11-serverdescription
osv-coords23 versions
pkg:apk/chainguard/gtf pkg:apk/chainguard/Xnest pkg:apk/chainguard/xorg-server pkg:apk/chainguard/xorg-server-common pkg:apk/chainguard/xorg-server-dev pkg:apk/chainguard/xorg-server-doc pkg:apk/chainguard/Xvfb pkg:apk/chainguard/xvfb-run pkg:apk/wolfi/gtf pkg:apk/wolfi/Xnest pkg:apk/wolfi/xorg-server pkg:apk/wolfi/xorg-server-common pkg:apk/wolfi/xorg-server-dev pkg:apk/wolfi/xorg-server-doc pkg:apk/wolfi/Xvfb pkg:apk/wolfi/xvfb-run pkg:rpm/opensuse/xtrans&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/xtrans&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/xtrans&distro=openSUSE%20Tumbleweed pkg:rpm/suse/xtrans&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/xtrans&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/xtrans&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/xtrans&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 0+ 22 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.3.5-150000.3.3.1
- (no CPE)range: < 1.3.5-150000.3.3.1
- (no CPE)range: < 1.5.0-1.1
- (no CPE)range: < 1.3.5-150000.3.3.1
- (no CPE)range: < 1.3.5-150000.3.3.1
- (no CPE)range: < 1.3.5-150000.3.3.1
- (no CPE)range: < 1.3.5-5.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2020/11/09/3mitremailing-listx_refsource_MLISTx_refsource_MISC
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Emitremailing-listx_refsource_MLIST
seclists.org/oss-sec/2020/q4/105mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000