CVE-2020-8014

Publication date 29 June 2020

Last updated 17 July 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kopanocore	20.04 LTS focal	Not affected
	19.10 eoan	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release

Notes

mdeslaur

SUSE packaging issue, Ubuntu not vulnerable

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.8 · High

Base metrics

Parameter	Value
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality impact	High
Integrity impact	High
Availability impact	High

Scores

Parameter	Value
Base score	7.8 · High
Exploitability score	-
Impact score	-

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H