skuba: Insecure /tmp usage when joining node to cluster

CVE-2020-8030

3.6LOW

Key Information

Vendor: Suse
Status: Suse Caas Platform 4.5
Vendor: CVE Published:; 11 February 2021

Summary

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

Affected Version(s)

SUSE CaaS Platform 4.5 < 2.1.7

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 4.4 to: 3.6 - (LOW)
Feb 22, 2024
Vulnerability published.
Feb 11, 2021
Vulnerability Reserved.
Jan 27, 2020

Collectors

NVD DatabaseMitre Database

Credit

Johannes Segitz of SUSE