What is CVE-2020-8026?

CVE-2020-8026 is a high-severity vulnerability in Opensuse Leap 15.1, classified under Incorrect Default Permissions. CVSS score: 8.4/10. Published 2020-08-07.

How severe is CVE-2020-8026?

High severity. CVSS v3 base score is 8.4 out of 10.

Is CVE-2020-8026 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Opensuse Leap 15.1

CVE-2020-8026

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affec…

EPSS: 0.001 (16.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Opensuse Leap 15.1 — versions inn
Opensuse Leap 15.2 — versions inn
Opensuse Tumbleweed — versions inn

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-8026

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
openSUSE-SU-2020:1271 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1272 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1304 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1427 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2020-8026?: CVE-2020-8026 is a high-severity vulnerability in Opensuse Leap 15.1, classified under Incorrect Default Permissions. CVSS score: 8.4/10. Published 2020-08-07.
How severe is CVE-2020-8026?: High severity. CVSS v3 base score is 8.4 out of 10.
Is CVE-2020-8026 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.