How severe is CVE-2020-8831?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-8831?

This is classified as CWE-379, which is a common weakness in software security.

CVE-2020-8831

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-379

View all →

Vulnerability Description

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

CVE-2022-23163

MEDIUM

CVSS:5.5(Medium)

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service...

CWE-3792022

CVE-2024-24693

MEDIUM

CVSS:5.5(Medium)

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

CWE-3792024

CVE-2025-21162

MEDIUM

CVSS:5.5(Medium)

Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the conte...

CWE-3792025

CVE-2021-21068

MEDIUM

CVSS:6.1(Medium)

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this i...

CWE-3792021

CVE-2021-28633

MEDIUM

CVSS:6.1(Medium)

Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause ...

CWE-3792021

CVE-2021-40776

MEDIUM

CVSS:6.1(Medium)

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability ...

CWE-3792021

CVE-2020-8831

Vulnerability Description

Related Vulnerabilities

CVE-2022-23163

CVE-2024-24693

CVE-2025-21162

CVE-2021-21068

CVE-2021-28633

CVE-2021-40776