How severe is CVE-2020-14367?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2020-14367?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2020-14367 - MEDIUM Severity | CVSS 6

Vulnerability Description

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.

Related Vulnerabilities

CVE-2025-21188

MEDIUM

CVSS:6.0(Medium)

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

CWE-592025

CVE-2025-21347

MEDIUM

CVSS:6.0(Medium)

Windows Deployment Services Denial of Service Vulnerability

CWE-592025

CVE-2013-1866

MEDIUM

CVSS:6.1(Medium)

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2013-1867

MEDIUM

CVSS:6.1(Medium)

Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2015-5700

MEDIUM

CVSS:6.1(Medium)

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

CWE-592015

CVE-2015-5701

MEDIUM

CVSS:6.1(Medium)

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a...

CWE-592015