PT-2021-12706 · Suse · Suse Caas Platform 4.5

Johannes Segitz

Published

2021-02-11

Updated

2021-02-19

CVE-2020-8030

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SUSE CaaS Platform 4.5

Description: A local attacker can exploit an Insecure Temporary File vulnerability in skuba to leak the bootstrapToken or modify the configuration file before it is processed. This can lead to arbitrary modifications of the machine or cluster.

Recommendations: For SUSE CaaS Platform 4.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377

Related Identifiers

CVE-2020-8030

Affected Products

Suse Caas Platform 4.5

PT-2021-12706 · Suse · Suse Caas Platform 4.5

CVE-2020-8030

Weakness Enumeration

Related Identifiers

Affected Products

References · 5