CVE-2022-31252

Опубликовано: 06 окт. 2022

Источник: nvd

CVSS3: 4.4

EPSS Низкий

Описание

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1203018
Issue Tracking
Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1203018
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap_micro:5.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

4.4 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

openSUSE-SU-2022:10128-1

suse-cvrf

больше 3 лет назад

Security update for permissions

SUSE-SU-2022:3394-1

suse-cvrf

больше 3 лет назад

Security update for permissions

SUSE-SU-2022:3382-1

suse-cvrf

больше 3 лет назад

Security update for permissions

SUSE-SU-2022:3353-1

suse-cvrf

больше 3 лет назад

Security update for permissions

GHSA-hr65-wxm7-w4jv

CVSS3: 4.4

github

больше 3 лет назад

EPSS

Процентиль: 24%

0.00081

Низкий

4.4 Medium

CVSS3

Дефекты

CWE-863