CVE-2020-8026
HIGHopenSUSE Leap 15.2, Tumbleweed, Leap 15.1 - Privilege Escalation
Title source: llmDescription
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
References (5)
Core 5
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1172573
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html
Scores
CVSS v3
8.4
EPSS
0.0005
EPSS Percentile
16.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (4)
opensuse/backports_sle
15.0 sp1 (2 CPE variants)
opensuse/leap
15.1
opensuse/leap
15.2
opensuse/tumbleweed
< 2.6.2-4.2
Published
Aug 07, 2020
Tracked Since
Feb 18, 2026