CVE-2020-8026

Name	CVE-2020-8026
Description	A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
inn2 (PTS)	buster	2.6.3-1+deb10u2	fixed
	bullseye	2.6.4-2	fixed
	bookworm	2.7.1-1+deb12u1	fixed
	trixie	2.7.2~20240212-1	fixed
	sid	2.7.2~20240325-3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
inn2	source	(unstable)	(not affected)

- inn2 <not-affected> (inews has correct ownership in Debian)