skuba: Insecure handling of private key

CVE-2020-8029

2.9LOW

Key Information

Vendor: Suse
Status: Suse Caas Platform 4.5
Vendor: CVE Published:; 11 February 2021

Summary

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.

Affected Version(s)

SUSE CaaS Platform 4.5 < skuba

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 4 to: 2.9 - (LOW)
Feb 22, 2024
Vulnerability published.
Feb 11, 2021
Vulnerability Reserved.
Jan 27, 2020

Collectors

NVD DatabaseMitre Database

Credit

Johannes Segitz of SUSE