CVEs-PoC/2020/CVE-2020-8022.md

### [CVE-2020-8022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8022)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Enterprise%20Storage%205&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP2-BCL&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP2-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP3-BCL&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP3-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP4&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP5&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%2012-SP2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%2012-SP3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%2015&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20OpenStack%20Cloud%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20OpenStack%20Cloud%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20OpenStack%20Cloud%20Crowbar%208&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=tomcat%3C%208.0.53-29.32.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=tomcat%3C%209.0.35-3.39.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=tomcat%3C%209.0.35-3.57.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%3A%20Incorrect%20Default%20Permissions&color=brighgreen)

### Description

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/vincent-deng/veracode-container-security-finding-parser