CVE-2020-8015 is a vulnerability in openSUSE Factory
Published on April 2, 2020
Local privilege escalation in exim package from user mail to root
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
Vulnerability Analysis
CVE-2020-8015 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an insecure temporary file vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2020-8015 has been classified as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2020-8015
Affected Versions
openSUSE Factory: exim versions below 4.93.0.4-3.1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.