CVE-2020-8027
openldap uses fixed paths in /tmp
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
Una vulnerabilidad de archivo temporal no seguro en openldap2 de SUSE Linux Enterprise Server versión 15-LTSS, SUSE Linux Enterprise Server para SAP versión 15; openSUSE Leap versión 15.1, openSUSE Leap versión 15.2, permite a atacantes locales sobrescribir archivos arbitrarios y obtener acceso a la configuración de openldap2. Este problema afecta a: openldap2 de SUSE Linux Enterprise Server versión 15-LTSS versiones anteriores a 2.4.46-9.37.1. openldap2 de SUSE Linux Enterprise Server para SAP versión 15 versiones anteriores a 2.4.46-9.37.1. openldap2 de openSUSE Leap versión 15.1 versiones anteriores a 2.4.46-lp151.10.18.1. openldap2 de openSUSE Leap versión 15.2 versiones anteriores a 2.4.46-lp152.14.9.1
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-27 CVE Reserved
- 2021-02-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-377: Insecure Temporary File
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1175568 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opensuse Search vendor "Opensuse" | Openldap2 Search vendor "Opensuse" for product "Openldap2" | < 2.4.46-9.37.1 Search vendor "Opensuse" for product "Openldap2" and version " < 2.4.46-9.37.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | ltss |
Safe
|
| Opensuse Search vendor "Opensuse" | Openldap2 Search vendor "Opensuse" for product "Openldap2" | < 2.4.46-9.37.1 Search vendor "Opensuse" for product "Openldap2" and version " < 2.4.46-9.37.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | sap |
Safe
|
| Opensuse Search vendor "Opensuse" | Openldap2 Search vendor "Opensuse" for product "Openldap2" | < 2.4.46-lp151.10.18.1 Search vendor "Opensuse" for product "Openldap2" and version " < 2.4.46-lp151.10.18.1" | - |
Affected
| in | Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Safe
|
| Opensuse Search vendor "Opensuse" | Openldap2 Search vendor "Opensuse" for product "Openldap2" | < 2.4.46-lp152.14.9.1 Search vendor "Opensuse" for product "Openldap2" and version " < 2.4.46-lp152.14.9.1" | - |
Affected
| in | Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Safe
|