opensuse leap CVE-2020-8022 in OpenSuse and Suse Products
Published on June 29, 2020

User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges

product logo product logo
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-8022 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.


Products Associated with CVE-2020-8022

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8022 are published in these products:

OpenSuse Leap
 
Suse Linux Enterprise Server
 
Suse Openstack Cloud
 

Affected Versions

SUSE Enterprise Storage 5: SUSE Linux Enterprise Server 12-SP2-BCL: SUSE Linux Enterprise Server 12-SP2-LTSS: SUSE Linux Enterprise Server 12-SP3-BCL: SUSE Linux Enterprise Server 12-SP3-LTSS: SUSE Linux Enterprise Server 12-SP4: SUSE Linux Enterprise Server 12-SP5: SUSE Linux Enterprise Server 15-LTSS: SUSE Linux Enterprise Server for SAP 12-SP2: SUSE Linux Enterprise Server for SAP 12-SP3: SUSE Linux Enterprise Server for SAP 15: SUSE OpenStack Cloud 7: SUSE OpenStack Cloud 8: SUSE OpenStack Cloud Crowbar 8:

Exploit Probability

EPSS
0.19%
Percentile
40.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.