CVE-2020-8032 - OpenCVE

A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Cyrus-sasl

Configuration 1 [-]

cpe:2.3:a:opensuse:cyrus-sasl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1180669

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2021-02-25T09:15:17.275483Z

Updated: 2024-09-16T20:03:06.806Z

Reserved: 2020-01-27T00:00:00

Link: CVE-2020-8032

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-25T10:15:12.773

Modified: 2021-03-03T15:41:33.553

Link: CVE-2020-8032

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Factory", "vendor": "openSUSE", "versions": [{"lessThanOrEqual": "2.1.27-4.2", "status": "affected", "version": "cyrus-sasl", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Johannes Segitz of SUSE"}], "datePublic": "2021-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-377", "description": "CWE-377: Insecure Temporary File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-25T09:15:17", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180669"}], "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1180669", "defect": ["1180669"], "discovery": "INTERNAL"}, "title": "Local privilege escalation to root due to insecure tmp file usage", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2021-02-25T00:00:00.000Z", "ID": "CVE-2020-8032", "STATE": "PUBLIC", "TITLE": "Local privilege escalation to root due to insecure tmp file usage"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Factory", "version": {"version_data": [{"version_affected": "<=", "version_name": "cyrus-sasl", "version_value": "2.1.27-4.2"}]}}]}, "vendor_name": "openSUSE"}]}}, "credit": [{"lang": "eng", "value": "Johannes Segitz of SUSE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-377: Insecure Temporary File"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.suse.com/show_bug.cgi?id=1180669", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180669"}]}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1180669", "defect": ["1180669"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:24.966Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180669"}]}]}, "cveMetadata": {"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2020-8032", "datePublished": "2021-02-25T09:15:17.275483Z", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2024-09-16T20:03:06.806Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:cyrus-sasl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D32B168D-F48F-40BD-B4F3-07E0EDCB9014", "versionEndIncluding": "2.1.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de Archivo Temporal No Seguro en el paquete de cyrus-sasl de openSUSE Factory, permite a atacantes locales escalar a root. Este problema afecta a: openSUSE Factory cyrus-sasl versi\u00f3n 2.1.27-4.2 y versiones anteriores"}], "id": "CVE-2020-8032", "lastModified": "2021-03-03T15:41:33.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.2, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2021-02-25T10:15:12.773", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180669"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "meissner@suse.de", "type": "Primary"}]}