// For flags

CVE-2020-8016

race condition in the packaging of texlive-filesysten

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.

Una vulnerabilidad de CondiciĆ³n de Carrera habilitando un Seguimiento de Enlace en el paquete de texlive-filesystem de SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1, permite a los usuarios locales corromper archivos o escalar potencialmente privilegios. Este problema afecta: texlive-filesystem de SUSE Linux Enterprise Module for Desktop Applications 15-SP1 versiones anteriores a 2017.135-9.5.1. texlive-filesystem de SUSE Linux Enterprise Software Development Kit 12-SP4 versiones anteriores a 2013.74-16.5.1. texlive-filesystem de SUSE Linux Enterprise Software Development Kit 12-SP5 versiones anteriores a 2013.74-16.5.1. texlive-filesystem de openSUSE Leap 15.1 versiones anteriores a 2017.135-lp151.8.3.1.

*Credits: Matthias Gerstner of SUSE
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-27 CVE Reserved
  • 2020-04-02 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opensuse
Search vendor "Opensuse"
Texlive-filesystem
Search vendor "Opensuse" for product "Texlive-filesystem"
< 2017.135-9.5.1
Search vendor "Opensuse" for product "Texlive-filesystem" and version " < 2017.135-9.5.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
15
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "15"
sp1
Safe
Opensuse
Search vendor "Opensuse"
Texlive-filesystem
Search vendor "Opensuse" for product "Texlive-filesystem"
< 2013.74-16.5.1
Search vendor "Opensuse" for product "Texlive-filesystem" and version " < 2013.74-16.5.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
sp4
Safe
Opensuse
Search vendor "Opensuse"
Texlive-filesystem
Search vendor "Opensuse" for product "Texlive-filesystem"
< 2013.74-16.5.1
Search vendor "Opensuse" for product "Texlive-filesystem" and version " < 2013.74-16.5.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
sp5
Safe
Opensuse
Search vendor "Opensuse"
Texlive-filesystem
Search vendor "Opensuse" for product "Texlive-filesystem"
--
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
15
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "15"
-
Safe
Opensuse
Search vendor "Opensuse"
Texlive-filesystem
Search vendor "Opensuse" for product "Texlive-filesystem"
< 2017.135-lp151.8.3.1
Search vendor "Opensuse" for product "Texlive-filesystem" and version " < 2017.135-lp151.8.3.1"
-
Affected
in Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.1
Search vendor "Opensuse" for product "Leap" and version "15.1"
-
Safe