CVE-2020-8014 – kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage

https://notcve.org/view.php?id=CVE-2020-8014

29 Jun 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1. Una Vulnerabilidad de Seguimiento Enlace Simbólico de UNIX (Symlink) en el paquete de kopano-spamd de openSUSE Leap 15.1, openSUSE Tumbleweed perm... • https://bugzilla.suse.com/show_bug.cgi?id=1164131 • CWE-61: UNIX Symbolic Link (Symlink) Following •