What is CVE-2020-8013?

CVE-2020-8013 is a low-severity vulnerability in Suse Linux Enterprise Server 11, classified under Improper Link Resolution Before File Access. CVSS score: 2.2/10. Published 2020-03-02.

How severe is CVE-2020-8013?

Low severity. CVSS v3 base score is 2.2 out of 10.

Is CVE-2020-8013 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Suse Linux Enterprise Server 11

CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because…

EPSS: 0.001 (16.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.2 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Suse Linux Enterprise Server 11 — versions permissions
Suse Linux Enterprise Server 12 — versions permissions
Suse Linux Enterprise Server 15 — versions permissions

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-8013

References

openSUSE-SU-2020:0302 (vendor-advisory, x_refsource_SUSE)
bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-8013?: CVE-2020-8013 is a low-severity vulnerability in Suse Linux Enterprise Server 11, classified under Improper Link Resolution Before File Access. CVSS score: 2.2/10. Published 2020-03-02.
How severe is CVE-2020-8013?: Low severity. CVSS v3 base score is 2.2 out of 10.
Is CVE-2020-8013 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.