PT-2021-12705 · Suse · Suse Caas Platform+1

Johannes Segitz

Published

2021-02-11

Updated

2021-02-19

CVE-2020-8029

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SUSE CaaS Platform 4.5 skuba versions prior to the version including https://github.com/SUSE/skuba/pull/1416

Description: The issue is related to an Incorrect Permission Assignment for Critical Resource vulnerability in skuba, allowing local attackers to gain access to the kublet key. This vulnerability can be exploited by local attackers.

Recommendations: For SUSE CaaS Platform 4.5 skuba versions prior to the version including https://github.com/SUSE/skuba/pull/1416, update to a version that includes the changes from https://github.com/SUSE/skuba/pull/1416 to resolve the issue.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2020-8029

Affected Products

Suse Caas Platform

Skuba

PT-2021-12705 · Suse · Suse Caas Platform+1

CVE-2020-8029

Weakness Enumeration

Related Identifiers

Affected Products

References · 6