7.8
CVE-2020-8023
- EPSS 0.02%
- Published 01.09.2020 12:15:10
- Last modified 21.11.2024 05:38:14
- Source meissner@suse.de
An Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
Data is provided by the National Vulnerability Database (NVD)
Opensuse ≫ Openldap2 Version < 2.4.41-18.71.2
Suse ≫ Enterprise Storage Version 5.0
Suse ≫ Openstack Cloud Version 7.0
Suse ≫ Openstack Cloud Version 8.0
Suse ≫ Openstack Cloud Crowbar Version 8.0
Suse ≫ Linux Enterprise Server Version 12 Update sp2
Suse ≫ Linux Enterprise Server Version 12 Update sp2 SwPlatform sap
Suse ≫ Linux Enterprise Server Version 12 Update sp2 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 12 Update sp3 SwPlatform sap
Suse ≫ Linux Enterprise Server Version 12 Update sp3 SwEdition - SwPlatform -
Suse ≫ Linux Enterprise Server Version 12 Update sp3 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 12 Update sp4
Suse ≫ Linux Enterprise Server Version 12 Update sp5
Opensuse ≫ Openldap2 Version < 2.4.26-0.74.13.1
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp3
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp4
Suse ≫ Linux Enterprise Point Of Sale Version 11 Update sp3
Suse ≫ Linux Enterprise Server Version 11 Update -
Suse ≫ Linux Enterprise Server Version 11 Update sp4 SwEdition ltss
Opensuse ≫ Openldap2 Version < 2.4.46-9.31.1
Suse ≫ Linux Enterprise Server Version 15 SwPlatform ltss
Suse ≫ Linux Enterprise Server Version 15 SwPlatform sap
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.029 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
meissner@suse.de | 7.7 | 2.5 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.