{"api_version":"1","generated_at":"2026-04-22T23:30:46+00:00","cve":"CVE-2020-8030","urls":{"html":"https://cve.report/CVE-2020-8030","api":"https://cve.report/api/cve/CVE-2020-8030.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-8030","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-8030"},"summary":{"title":"CVE-2020-8030","description":"A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.","state":"PUBLIC","assigner":"security@suse.com","published_at":"2021-02-11 16:15:00","updated_at":"2021-02-19 16:55:00"},"problem_types":["CWE-377"],"metrics":[],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1177361","name":"https://bugzilla.suse.com/show_bug.cgi?id=1177361","refsource":"CONFIRM","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"Bug 1177361 – VUL-0: CVE-2020-8030: skuba: Insecure /tmp usage when joining node to cluster","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-8030","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8030","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Johannes Segitz of SUSE","lang":""}],"nvd_cpes":[{"cve_year":"2020","cve_id":"8030","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"caas_platform","cpe6":"4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8030","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"caas_platform","cpe6":"4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@suse.com","DATE_PUBLIC":"2020-11-23T00:00:00.000Z","ID":"CVE-2020-8030","STATE":"PUBLIC","TITLE":"skuba: Insecure /tmp usage when joining node to cluster"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SUSE CaaS Platform 4.5","version":{"version_data":[{"version_affected":"<","version_name":"suba","version_value":"2.1.7"}]}}]},"vendor_name":"SUSE"}]}},"credit":[{"lang":"eng","value":"Johannes Segitz of SUSE"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.6,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-377: Insecure Temporary File"}]}]},"references":{"reference_data":[{"name":"https://bugzilla.suse.com/show_bug.cgi?id=1177361","refsource":"CONFIRM","url":"https://bugzilla.suse.com/show_bug.cgi?id=1177361"}]},"source":{"advisory":"https://bugzilla.suse.com/show_bug.cgi?id=1177361","defect":["1177361"],"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2021-02-11 16:15:00","lastModifiedDate":"2021-02-19 16:55:00","problem_types":["CWE-377"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":2.5},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:suse:caas_platform:4.5:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"8030","Ordinal":"168356","Title":"CVE-2020-8030","CVE":"CVE-2020-8030","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"8030","Ordinal":"1","NoteData":"A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"8030","Ordinal":"2","NoteData":"2021-02-11","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"8030","Ordinal":"3","NoteData":"2021-02-11","Type":"Other","Title":"Modified"}]}}}