
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-8022 is an Incorrect Default Permissions vulnerability in the packaging of Tomcat on various SUSE Linux Enterprise distributions. The vulnerability was disclosed in June 2020 and affects multiple SUSE products including SUSE Enterprise Storage 5, SUSE Linux Enterprise Server versions, and openSUSE Leap 15.1 (SUSE Bug).
The vulnerability stems from improper permissions on the systemd-tmpfiles configuration file (/usr/lib/tmpfiles.d/tomcat.conf), which was packaged with mode 664 (rw-rw-r--) and ownership root:tomcat. Members of the tomcat group could therefore modify the configuration file (SUSE Bug).
This vulnerability allows a compromised tomcat group account to perform a full local root exploit. Because systemd-tmpfiles processes its configuration files as root, an attacker with access to the tomcat group could modify the tmpfiles configuration to gain elevated privileges, potentially accessing sensitive system files like /etc/shadow and executing commands with root privileges (SUSE Bug).
The fix involves changing the ownership and permissions of /usr/lib/tmpfiles.d/tomcat.conf to root:root with mode 644, removing write permissions for the tomcat group while maintaining readability. This update was released through various SUSE security updates (SUSE-SU-2020:1788-1, SUSE-SU-2020:1789-1, SUSE-SU-2020:1790-1, SUSE-SU-2020:1791-1) (SUSE Bug, OpenSUSE Announce).
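An audit for the condition described above, as an added example that is not part of the original advisory or of SUSE's packaging: it flags any tmpfiles.d snippet that is group- or world-writable or not owned by root. The function names `classify` and `audit_dir` are hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: find tmpfiles.d snippets writable by a non-root principal,
# the condition behind CVE-2020-8022 (mode 664, root:tomcat).
# Assumes GNU coreutils stat (-c format option).

# classify MODE OWNER -> prints one verdict word.
# MODE is the octal mode as printed by `stat -c %a` (e.g. 664).
classify() {
    mode=$1; owner=$2
    if [ $(( 0$mode & 002 )) -ne 0 ]; then
        echo "world-writable"
    elif [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "group-writable"
    elif [ "$owner" != "root" ]; then
        echo "owner-not-root"
    else
        echo "ok"
    fi
    return 0
}

# audit_dir DIR -> prints one line per snippet that is not "ok".
audit_dir() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Split "mode owner group" into $1 $2 $3.
        set -- $(stat -c '%a %U %G' "$f")
        verdict=$(classify "$1" "$2")
        if [ "$verdict" != "ok" ]; then
            echo "$f: $verdict (mode $1, $2:$3)"
        fi
    done
    return 0
}

# Default to the directory named in the advisory; pass another path to override.
audit_dir "${1:-/usr/lib/tmpfiles.d}"
```

On a patched system the packaged tomcat.conf (root:root, mode 644) produces no output.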
Source: This report was generated using AI