Unrated severityNVD Advisory· Published Aug 7, 2020· Updated Sep 16, 2024
inn: non-root owned files
CVE-2020-8026
Description
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: <=2.6.2-lp152.1.26 (Leap 15.2), <=2.6.2-4.2 (Tumbleweed), <=2.5.4-lp151.3.3.1 (Leap 15.1)
- osv-coords4 versionspkg:rpm/opensuse/inn&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/inn&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/inn&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/inn&distro=SUSE%20Package%20Hub%2015%20SP2
< 2.5.4-lp151.3.6.1+ 3 more
- (no CPE)range: < 2.5.4-lp151.3.6.1
- (no CPE)range: < 2.6.2-lp152.2.3.1
- (no CPE)range: < 2.5.4-bp151.4.6.1
- (no CPE)range: < 2.6.2-bp152.2.4.1
- openSUSE/openSUSE Leap 15.1v5Range: inn
- openSUSE/openSUSE Leap 15.2v5Range: inn
- openSUSE/openSUSE Tumbleweedv5Range: inn
Patches
Vulnerability mechanics
References
5- lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.htmlmitrevendor-advisoryx_refsource_SUSE
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.