Back to search
CVE-2020-14004
Published: Jun 12, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004
x_refsource_MISC
https://github.com/Icinga/icinga2/releases
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2020/06/12/1
x_refsource_CONFIRM
https://github.com/Icinga/icinga2/compare/v2.12.0-rc1...master
x_refsource_MISC
openSUSE-SU-2020:1820
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now