CVE-2020-8029 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8029 Interim 1 13 2022-12-02T01:23:42Z current 2021-05-30T14:37:42Z 2022-12-02T01:23:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8029 A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-December/008028.html E-Mail link for SUSE-CU-2020:822-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008031.html E-Mail link for SUSE-CU-2020:825-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008037.html E-Mail link for SUSE-CU-2020:831-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008038.html E-Mail link for SUSE-CU-2020:832-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008039.html E-Mail link for SUSE-CU-2020:833-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008040.html E-Mail link for SUSE-CU-2020:834-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008044.html E-Mail link for SUSE-CU-2020:837-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008054.html E-Mail link for SUSE-CU-2020:848-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008055.html E-Mail link for SUSE-CU-2020:849-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008056.html E-Mail link for SUSE-CU-2020:850-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008057.html E-Mail link for SUSE-CU-2020:851-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008058.html E-Mail link for SUSE-CU-2020:852-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007972.html E-Mail link for SUSE-SU-2020:3761-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE CaaS Platform 4.5 caasp-release-4.5.2-1.8.2 cri-o-1.18-1.18.4-4.3.2 cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 etcdctl-3.4.13-3.3.1 helm2-2.16.12-3.3.1 helm3-3.3.3-3.8.1 kubernetes-1.18-kubeadm-1.18.10-4.3.1 kubernetes-1.18-kubelet-1.18.10-4.3.1 patterns-caasp-Management-4.5-3.3.1 skuba skuba-2.1.11-3.10.1 skuba-update skuba-update-2.1.11-3.10.1 velero-1.4.2-3.3.1 caasp-release-4.5.2-1.8.2 as a component of SUSE CaaS Platform 4.5 cri-o-1.18-1.18.4-4.3.2 as a component of SUSE CaaS Platform 4.5 cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 as a component of SUSE CaaS Platform 4.5 etcdctl-3.4.13-3.3.1 as a component of SUSE CaaS Platform 4.5 helm2-2.16.12-3.3.1 as a component of SUSE CaaS Platform 4.5 helm3-3.3.3-3.8.1 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubeadm-1.18.10-4.3.1 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubelet-1.18.10-4.3.1 as a component of SUSE CaaS Platform 4.5 patterns-caasp-Management-4.5-3.3.1 as a component of SUSE CaaS Platform 4.5 skuba-2.1.11-3.10.1 as a component of SUSE CaaS Platform 4.5 skuba-update-2.1.11-3.10.1 as a component of SUSE CaaS Platform 4.5 velero-1.4.2-3.3.1 as a component of SUSE CaaS Platform 4.5 skuba as a component of SUSE CaaS Platform 4.0 skuba-update as a component of SUSE CaaS Platform 4.0 A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416. CVE-2020-8029 SUSE CaaS Platform 4.5:caasp-release-4.5.2-1.8.2 SUSE CaaS Platform 4.5:cri-o-1.18-1.18.4-4.3.2 SUSE CaaS Platform 4.5:cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 SUSE CaaS Platform 4.5:etcdctl-3.4.13-3.3.1 SUSE CaaS Platform 4.5:helm2-2.16.12-3.3.1 SUSE CaaS Platform 4.5:helm3-3.3.3-3.8.1 SUSE CaaS Platform 4.5:kubernetes-1.18-kubeadm-1.18.10-4.3.1 SUSE CaaS Platform 4.5:kubernetes-1.18-kubelet-1.18.10-4.3.1 SUSE CaaS Platform 4.5:patterns-caasp-Management-4.5-3.3.1 SUSE CaaS Platform 4.5:skuba-2.1.11-3.10.1 SUSE CaaS Platform 4.5:skuba-update-2.1.11-3.10.1 SUSE CaaS Platform 4.5:velero-1.4.2-3.3.1 SUSE CaaS Platform 4.0:skuba SUSE CaaS Platform 4.0:skuba-update moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N