skuba: Insecure /tmp usage when joining node to cluster
CVE-2020-8030

3.6LOW

Key Information:

Vendor: Suse
Status: Suse Caas Platform 4.5
Vendor: CVE Published:; 11 February 2021

What is CVE-2020-8030?

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SUSE CaaS Platform 4.5 suba < 2.1.7

References

https://bugzilla.suse.com/show_bug.cgi?id=1177361

x_refsource_CONFIRM

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2021
Vulnerability Reserved
Jan 27, 2020

Credit

Johannes Segitz of SUSE

JSON

Suse