PT-2020-19929
Malte Kraus
Published: 2020-09-16
Updated: 2020-09-28
CVE-2020-8028
CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Manager Proxy 4.0 versions prior to 4.0.9-0.16.38.1
SUSE Manager Retail Branch Server 4.0 versions prior to 4.0.9-0.16.38.1
SUSE Manager Server 3.2
SUSE Manager Server 4.0 versions prior to 4.0.9-3.54.1
google-gson versions prior to 2.8.5-3.4.3
httpcomponents-client versions prior to 4.5.6-3.4.2
Description
A vulnerability in the configuration of salt allows local users to escalate to root on every system managed by SUSE Manager. On the managing node itself, code can be executed as the salt user, potentially allowing for escalation to root there as well.
Recommendations
For SUSE Linux Enterprise Module for SUSE Manager Server 4.1, update to a version that includes the fix for this issue.
For SUSE Manager Proxy 4.0, update to version 4.0.9-0.16.38.1 or later.
For SUSE Manager Retail Branch Server 4.0, update to version 4.0.9-0.16.38.1 or later.
For SUSE Manager Server 3.2, update salt-netapi-client to version 0.16.0-4.14.1 or later.
For SUSE Manager Server 4.0, update to version 4.0.9-3.54.1 or later.
For google-gson, update to version 2.8.5-3.4.3 or later.
For httpcomponents-client, update to version 4.5.6-3.4.2 or later.
Weakness Enumeration
Improper Access Control
Related Identifiers
CVE-2020-8028
Affected Products
Suse Linux Enterprise Module For Suse Manager Server
Suse Manager Proxy
Suse Manager Retail Branch Server
Suse Manager Server
Suse
Google-Gson
Httpcomponents-Client