Vulnerability Details : CVE-2020-8030
Potential exploit
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
Products affected by CVE-2020-8030
- cpe:2.3:a:suse:caas_platform:4.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8030
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8030
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST | |
|
3.6
|
LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
1.0
|
2.5
|
SUSE | |
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
1.8
|
2.5
|
NIST |
CWE ids for CVE-2020-8030
-
Creating and using insecure temporary files can leave application and system data vulnerable to attack.Assigned by: meissner@suse.de (Primary)
References for CVE-2020-8030
-
https://bugzilla.suse.com/show_bug.cgi?id=1177361
Bug 1177361 – VUL-0: CVE-2020-8030: skuba: Insecure /tmp usage when joining node to clusterExploit;Issue Tracking;Vendor Advisory
Jump to