GHSA-hr65-wxm7-w4jv

Опубликовано: 06 окт. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.4

Описание

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

Ссылки

EPSS

Процентиль: 24%

0.00081

Низкий

4.4 Medium

CVSS3

CVE ID

CVE-2022-31252

Дефекты

CWE-863

Связанные уязвимости

CVE-2022-31252

CVSS3: 4.4

nvd

больше 3 лет назад

openSUSE-SU-2022:10128-1

suse-cvrf

больше 3 лет назад

Security update for permissions

SUSE-SU-2022:3394-1

suse-cvrf

больше 3 лет назад

Security update for permissions

SUSE-SU-2022:3382-1

suse-cvrf

больше 3 лет назад

Security update for permissions

SUSE-SU-2022:3353-1

suse-cvrf

больше 3 лет назад

Security update for permissions

EPSS

Процентиль: 24%

0.00081

Низкий

4.4 Medium

CVSS3

CVE ID

CVE-2022-31252

Дефекты

CWE-863