Vulnerability Description
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sympa | Sympa | < 6.2.40 |
| Debian | Debian Linux | - |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/971904 (Vendor Advisory)
- https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 (Mailing List, Vendor Advisory)
- https://www.debian.org/security/2020/dsa-4818 (Vendor Advisory)
FAQ
What is CVE-2020-26932?
CVE-2020-26932 is a vulnerability with a CVSS score of 4.3 (MEDIUM). debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group).
How severe is CVE-2020-26932?
CVE-2020-26932 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-26932?
Check the references section above for vendor advisories and patch information. Affected products include: Sympa Sympa, Debian Debian Linux.