Vulnerabilities > CVE-2020-8027 - Insecure Temporary File vulnerability in Opensuse Openldap2

CVSS 6.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

HIGH

local

low complexity

opensuse

CWE-377

NVD

Published: 2021-02-11

Updated: 2021-02-23

Summary

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Openldap2 2.4.26-0.74.13 Opensuse Openldap2 2.4.41-18.71.2 Opensuse Openldap2 2.4.46-9.31.1 Opensuse Openldap2 2.4.46-9.37.1 Opensuse Openldap2 2.4.46-Lp151.10.18.1	5
OS	Suse Suse Linux Enterprise Server 15	2
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2

Common Weakness Enumeration (CWE)

CWE-377 - Insecure Temporary File

References

https://bugzilla.suse.com/show_bug.cgi?id=1175568