Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for openldap2 by opensuse
CVE-2022-31253 (GCVE-0-2022-31253)
Vulnerability from cvelistv5 – Published: 2022-11-09 13:50 – Updated: 2025-05-01 14:21
VLAI
Title
openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself
Summary
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
Impacted products
Date Public
2022-10-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1202931"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31253",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:21:33.036263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:21:38.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.6.3-404.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner from SUSE"
}
],
"datePublic": "2022-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1202931"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1202931",
"defect": [
"1202931"
],
"discovery": "INTERNAL"
},
"title": "openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-31253",
"datePublished": "2022-11-09T13:50:10.848Z",
"dateReserved": "2022-05-20T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:21:38.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8027 (GCVE-0-2020-8027)
Vulnerability from cvelistv5 – Published: 2021-02-11 16:10 – Updated: 2024-09-16 17:54
VLAI
Title
openldap uses fixed paths in /tmp
Summary
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
Severity
7.3 (High)
CWE
- CWE-377 - Insecure Temporary File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1175568 | x_refsource_CONFIRM |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15-LTSS |
Affected:
openldap2 , < 2.4.46-9.37.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 15 |
Affected:
openldap2 , < 2.4.46-9.37.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
openldap2 , < 2.4.46-lp151.10.18.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.2 |
Affected:
openldap2 , < 2.4.46-lp152.14.9.1
(custom)
|
Date Public
2020-09-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.37.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.37.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp151.10.18.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp152.14.9.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thorsten Kukuk/Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377: Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T16:10:14.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175568",
"defect": [
"1175568"
],
"discovery": "INTERNAL"
},
"title": "openldap uses fixed paths in /tmp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-09-22T00:00:00.000Z",
"ID": "CVE-2020-8027",
"STATE": "PUBLIC",
"TITLE": "openldap uses fixed paths in /tmp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.37.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.37.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp151.10.18.1"
}
]
}
},
{
"product_name": "openSUSE Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp152.14.9.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thorsten Kukuk/Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377: Insecure Temporary File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1175568",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175568",
"defect": [
"1175568"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8027",
"datePublished": "2021-02-11T16:10:14.335Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:21.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8023 (GCVE-0-2020-8023)
Vulnerability from cvelistv5 – Published: 2020-09-01 11:25 – Updated: 2024-09-16 18:33
VLAI
Title
Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2
Summary
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
Severity
7.7 (High)
CWE
- CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1172698 | x_refsource_CONFIRM |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Enterprise Storage 5 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP3 |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP4 |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Point of Sale 11-SP3 |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 11-SECURITY |
Affected:
openldap2-client-openssl1 , < 2.4.26-0.74.13.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP2-BCL |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP2-LTSS |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP3-BCL |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP3-LTSS |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP4 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP5 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15-LTSS |
Affected:
openldap2 , < 2.4.46-9.31.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP2 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP3 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 15 |
Affected:
openldap2 , < 2.4.46-9.31.1
(custom)
|
|
| SUSE | SUSE OpenStack Cloud 7 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE OpenStack Cloud 8 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE OpenStack Cloud Crowbar 8 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
openldap2 , < 2.4.46-lp151.10.12.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.2 |
Affected:
openldap2 , < 2.4.46-lp152.14.3.1
(custom)
|
Date Public
2020-07-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Enterprise Storage 5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Debuginfo 11-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Debuginfo 11-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Point of Sale 11-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11-SECURITY",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1",
"status": "affected",
"version": "openldap2-client-openssl1",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.31.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.31.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp151.10.12.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp152.14.3.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2020-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T11:25:12.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172698",
"defect": [
"1172698"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-07-06T00:00:00.000Z",
"ID": "CVE-2020-8023",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Enterprise Storage 5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Debuginfo 11-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Debuginfo 11-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Point of Sale 11-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11-SECURITY",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2-client-openssl1",
"version_value": "2.4.26-0.74.13.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.31.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.31.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp151.10.12.1"
}
]
}
},
{
"product_name": "openSUSE Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp152.14.3.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172698",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172698",
"defect": [
"1172698"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8023",
"datePublished": "2020-09-01T11:25:12.674Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:45.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31253 (GCVE-0-2022-31253)
Vulnerability from nvd – Published: 2022-11-09 13:50 – Updated: 2025-05-01 14:21
VLAI
Title
openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself
Summary
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
Impacted products
Date Public
2022-10-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1202931"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31253",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:21:33.036263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:21:38.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.6.3-404.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner from SUSE"
}
],
"datePublic": "2022-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1202931"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1202931",
"defect": [
"1202931"
],
"discovery": "INTERNAL"
},
"title": "openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-31253",
"datePublished": "2022-11-09T13:50:10.848Z",
"dateReserved": "2022-05-20T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:21:38.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8027 (GCVE-0-2020-8027)
Vulnerability from nvd – Published: 2021-02-11 16:10 – Updated: 2024-09-16 17:54
VLAI
Title
openldap uses fixed paths in /tmp
Summary
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
Severity
7.3 (High)
CWE
- CWE-377 - Insecure Temporary File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1175568 | x_refsource_CONFIRM |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15-LTSS |
Affected:
openldap2 , < 2.4.46-9.37.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 15 |
Affected:
openldap2 , < 2.4.46-9.37.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
openldap2 , < 2.4.46-lp151.10.18.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.2 |
Affected:
openldap2 , < 2.4.46-lp152.14.9.1
(custom)
|
Date Public
2020-09-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.37.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.37.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp151.10.18.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp152.14.9.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thorsten Kukuk/Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377: Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T16:10:14.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175568",
"defect": [
"1175568"
],
"discovery": "INTERNAL"
},
"title": "openldap uses fixed paths in /tmp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-09-22T00:00:00.000Z",
"ID": "CVE-2020-8027",
"STATE": "PUBLIC",
"TITLE": "openldap uses fixed paths in /tmp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.37.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.37.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp151.10.18.1"
}
]
}
},
{
"product_name": "openSUSE Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp152.14.9.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thorsten Kukuk/Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377: Insecure Temporary File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1175568",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1175568"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175568",
"defect": [
"1175568"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8027",
"datePublished": "2021-02-11T16:10:14.335Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:21.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8023 (GCVE-0-2020-8023)
Vulnerability from nvd – Published: 2020-09-01 11:25 – Updated: 2024-09-16 18:33
VLAI
Title
Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2
Summary
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
Severity
7.7 (High)
CWE
- CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1172698 | x_refsource_CONFIRM |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Enterprise Storage 5 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP3 |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP4 |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Point of Sale 11-SP3 |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 11-SECURITY |
Affected:
openldap2-client-openssl1 , < 2.4.26-0.74.13.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS |
Affected:
openldap2 , < 2.4.26-0.74.13.1,
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP2-BCL |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP2-LTSS |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP3-BCL |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP3-LTSS |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP4 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 12-SP5 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15-LTSS |
Affected:
openldap2 , < 2.4.46-9.31.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP2 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP3 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 15 |
Affected:
openldap2 , < 2.4.46-9.31.1
(custom)
|
|
| SUSE | SUSE OpenStack Cloud 7 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE OpenStack Cloud 8 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| SUSE | SUSE OpenStack Cloud Crowbar 8 |
Affected:
openldap2 , < 2.4.41-18.71.2
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
openldap2 , < 2.4.46-lp151.10.12.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.2 |
Affected:
openldap2 , < 2.4.46-lp152.14.3.1
(custom)
|
Date Public
2020-07-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Enterprise Storage 5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Debuginfo 11-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Debuginfo 11-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Point of Sale 11-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11-SECURITY",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1",
"status": "affected",
"version": "openldap2-client-openssl1",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.26-0.74.13.1,",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.31.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.46-9.31.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.4.41-18.71.2",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp151.10.12.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "2.4.46-lp152.14.3.1",
"status": "affected",
"version": "openldap2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2020-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T11:25:12.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172698",
"defect": [
"1172698"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-07-06T00:00:00.000Z",
"ID": "CVE-2020-8023",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Enterprise Storage 5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Debuginfo 11-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Debuginfo 11-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Point of Sale 11-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11-SECURITY",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2-client-openssl1",
"version_value": "2.4.26-0.74.13.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.26-0.74.13.1,"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.31.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-9.31.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.41-18.71.2"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp151.10.12.1"
}
]
}
},
{
"product_name": "openSUSE Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "openldap2",
"version_value": "2.4.46-lp152.14.3.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172698",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172698"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172698",
"defect": [
"1172698"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8023",
"datePublished": "2020-09-01T11:25:12.674Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:45.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}