CVE-2020-8029

CVSS V2 Low 2.1 CVSS V3 Medium 4

Description

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.

Overview

CVE ID
CVE-2020-8029

Assigner
meissner@suse.de

Vulnerability Status
Analyzed

Published Version
2021-02-11T16:15:12

Last Modified Date
2021-02-19T16:48:06

Weakness Enumerations

CWE	URL
CWE-732	http://cwe.mitre.org/data/definitions/732.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:suse:caas_platform:4.5:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
2.1

Severity
LOW

Exploitability Score
3.9

Impact Score
2.9

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector
LOCAL

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
LOW

Availability Impact
NONE

Base Score
4

Base Severity
MEDIUM

Exploitability Score
2.5

Impact Score
1.4

References

Reference URL	Reference Tags
https://bugzilla.suse.com/show_bug.cgi?id=1177362	Exploit Issue Tracking Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2020-8029
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8029

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 07:22:32				Added to TrackCVE
2022-12-05 21:55:47	security@suse.com	meissner@suse.de	CVE Assigner	updated
2022-12-05 21:55:47	2021-02-11T16:15Z	2021-02-11T16:15:12	CVE Published Date	updated
2022-12-05 21:55:47		2021-02-19T16:48:06	CVE Modified Date	updated
2022-12-05 21:55:47		Analyzed	Vulnerability Status	updated