Path Traversal Vulnerability in OSSEC-HIDS Log Analysis Component
CVE-2020-8446

5.5 MEDIUM

Key Information:

Vendor: Ossec

Status
Vendor
CVE Published: 30 January 2020

What is CVE-2020-8446?

The OSSEC-HIDS log analysis component, ossec-analysisd, is susceptible to a path traversal vulnerability that local users can exploit with crafted syscheck messages. Exploitation can grant unauthorized write access via the UNIX domain socket, potentially leading to manipulation or exposure of sensitive data within the system. Proper safeguards and updates are essential to mitigate the risks associated with this security flaw.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
