Published: 17/09/2020 Updated: 28/09/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 9.3 | Impact Score: 6 | Exploitability Score: 2.5

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions before 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions before 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions before 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions before 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions before 4.0.9-3.54.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
suse salt-netapi-client

CWE-284 https://bugzilla.suse.com/show_bug.cgi?id=1175884 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-8028

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect