admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#4772

Browse Source 
Auto-merge PR#4772
This commit is contained in:
CVE Team 2020-09-17 04:45:22 -04:00 committed by GitHub
commit d49e0e1827
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 105 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
2020/8xxx/CVE-2020-8028.json
View File

@ -1,18 +1,116 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2020-09-16T00:00:00.000Z",
"ID": "CVE-2020-8028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "salt-api is accessible to every user on SUSE Manager Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Module for SUSE Manager Server 4.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "salt-netapi-client",
"version_value": "0.17.0-3.3.2"
}
]
}
},
{
"product_name": "SUSE Manager Server 3.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "salt-netapi-client",
"version_value": "0.16.0-4.14.1"
}
]
}
},
{
"product_name": "SUSE Manager Server 4.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "salt-netapi-client",
"version_value": "0.17.0-4.6.3"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there.\nThis issue affects:\nSUSE Linux Enterprise Module for SUSE Manager Server 4.1\ngoogle-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-.\nSUSE Manager Proxy 4.0\nrelease-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1.\nSUSE Manager Retail Branch Server 4.0\nrelease-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1.\nSUSE Manager Server 3.2\nsalt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-.\nSUSE Manager Server 4.0\nrelease-notes-susemanager versions prior to 4.0.9-3.54.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1175884",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175884",
"defect": [
"1175884"
],
"discovery": "EXTERNAL"
}
}
}