CVE-2020-14004
First published: Fri Jun 12 2020(Updated: )
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Icinga Icinga | >=2.0.0<=2.11.3 | |
| Icinga Icinga | =2.12.0-rc1 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| openSUSE Backports SLE | =15.0-sp2 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html
- http://www.openwall.com/lists/oss-security/2020/06/12/1
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004
- https://github.com/Icinga/icinga2/compare/v2.12.0-rc1...master
- https://github.com/Icinga/icinga2/pull/8045/commits/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
- https://github.com/Icinga/icinga2/releases
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2020-14004.
What is the severity of CVE-2020-14004?
The severity of CVE-2020-14004 is high (7.8).
What is the affected software?
The affected software includes Icinga2 versions prior to v2.12.0-rc1, openSUSE Backports SLE 15.0 SP1, openSUSE Backports SLE 15.0 SP2, openSUSE Leap 15.1, and openSUSE Leap 15.2.
How can the vulnerability be exploited?
The vulnerability can be exploited by an unprivileged user who has control over the /run/icinga2/cmd symlink.
Are there any references for CVE-2020-14004?
Yes, you can find references for CVE-2020-14004 at the following URLs: [http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html](http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html), [http://www.openwall.com/lists/oss-security/2020/06/12/1](http://www.openwall.com/lists/oss-security/2020/06/12/1), [https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004](https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/icinga
- canonical/icinga icinga
- version/icinga icinga/2.0.0
- version/icinga icinga/2.11.3
- version/icinga icinga/2.12.0-rc1
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- version/opensuse backports sle/15.0-sp2
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2