What is CVE-2020-8028?

CVE-2020-8028 is a critical-severity vulnerability in Suse Linux Enterprise Module For Manager Server 4.1, classified under Improper Access Control. CVSS score: 9.3/10. Published 2020-09-17.

How severe is CVE-2020-8028?

Critical severity. CVSS v3 base score is 9.3 out of 10.

Vulnerability in Suse Linux Enterprise Module For Manager Server 4.1

CVE-2020-8028

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4…

EPSS: 0.000 (9.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Suse Linux Enterprise Module For Manager Server 4.1 — versions salt-netapi-client
Suse Manager Server 3.2 — versions salt-netapi-client
Suse Manager Server 4.0 — versions salt-netapi-client

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-8028?: CVE-2020-8028 is a critical-severity vulnerability in Suse Linux Enterprise Module For Manager Server 4.1, classified under Improper Access Control. CVSS score: 9.3/10. Published 2020-09-17.
How severe is CVE-2020-8028?: Critical severity. CVSS v3 base score is 9.3 out of 10.