How severe is CVE-2020-8013?

This vulnerability has a severity rating of LOW with a CVSS score of 2.5 out of 10.

What type of vulnerability is CVE-2020-8013?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2020-8013 - LOW Severity | CVSS 2.5

Vulnerability Description

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Related Vulnerabilities

CVE-2021-23239

LOW

CVSS:2.5(Low)

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled ...

CWE-592021

CVE-2021-21740

LOW

CVSS:2.4(Low)

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential ga...

CWE-592021

CVE-2014-1420

LOW

CVSS:3.3(Low)

On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag...

CWE-592014

CVE-2015-0858

LOW

CVSS:3.3(Low)

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

CWE-592015

CVE-2015-7758

LOW

CVSS:3.3(Low)

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc...

CWE-592015

CVE-2019-6679

LOW

CVSS:3.3(Low)

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.bl...

CWE-592019