Vulnerability Details : CVE-2020-8025
Potential exploit
An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.
Products affected by CVE-2020-8025
- cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15:*:*:*:espos:*:*:*
- cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15:*:*:*:ltss:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8025
- 0.16%: Probability of exploitation activity in the next 30 days
- ~53%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8025
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L | 1.8 | 3.7 | SUSE | |
9.3 | CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.5 | 6.0 | NIST | |
CWE ids for CVE-2020-8025
- While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. Assigned by: meissner@suse.de (Primary)
References for CVE-2020-8025
- https://bugzilla.suse.com/show_bug.cgi?id=1171883
  Bug 1171883 – VUL-0: CVE-2020-8025: pcp: outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues (Exploit; Issue Tracking; Vendor Advisory)