Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-21950

Опубликовано: 07 сент. 2022
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*
Версия до 3.7p3-bp153.2.3.1 (исключая)
cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*
Версия до 3.7p3-bp154.3.3.1 (исключая)
cpe:2.3:a:opensuse:backports_sle:15.0:sp4:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:opensuse:canna:3.7p3:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%
0.00094
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

suse-cvrf логотип

openSUSE-SU-2022:10091-1

suse-cvrf
больше 3 лет назад

Security update for canna

suse-cvrf логотип

openSUSE-SU-2022:10090-1

suse-cvrf
больше 3 лет назад

Security update for canna

github логотип

GHSA-3485-7x7c-qrw2

CVSS3: 7.8
github
больше 3 лет назад

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

EPSS

Процентиль: 27%
0.00094
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-284