CVE-2020-8014

EUVD-2020-28927
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.
Symlink
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
suseCNA
7.7 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
opensuseleap
15.1
opensusetumbleweed_kopano-spamd
𝑥
< 10.0.5-1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kopanocore
bionic
not-affected
eoan
not-affected
focal
not-affected
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1164131
https://bugzilla.suse.com/show_bug.cgi?id=1164131