CVE-2020-8022

Опубликовано: 29 июн. 2020

Источник: redhat

CVSS3: 7.7

EPSS Низкий

Описание

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Отчет

Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of RHOSP14 and is only receiving security fixes for Important and Critical flaws.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Decision Manager 7	tomcat	Not affected
Red Hat Enterprise Linux 6	tomcat6	Not affected
Red Hat Enterprise Linux 7	tomcat	Not affected
Red Hat Enterprise Linux 8	pki-deps:10.6/pki-servlet-engine	Not affected
Red Hat Fuse 7	tomcat	Not affected
Red Hat JBoss Data Grid 6	jbossweb	Out of support scope
Red Hat JBoss Data Virtualization 6	jbossweb	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	jbossweb	Out of support scope
Red Hat JBoss Fuse 6	tomcat	Out of support scope
Red Hat JBoss Web Server 3	tomcat	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-276

https://bugzilla.redhat.com/show_bug.cgi?id=1852863tomcat: /usr/lib/tmpfiles.d/tomcat.conf is group-writable

EPSS

Процентиль: 43%

0.00204

Низкий

7.7 High

CVSS3

Связанные уязвимости

CVE-2020-8022

CVSS3: 7.7

nvd

около 5 лет назад

openSUSE-SU-2020:0911-1

suse-cvrf

около 5 лет назад

Security update for tomcat

SUSE-SU-2020:1791-1

suse-cvrf

около 5 лет назад

Security update for tomcat

SUSE-SU-2020:1790-1

suse-cvrf

около 5 лет назад

Security update for tomcat

SUSE-SU-2020:1789-1

suse-cvrf

около 5 лет назад

Security update for tomcat

EPSS

Процентиль: 43%

0.00204

Низкий

7.7 High

CVSS3