8.4

CVE-2022-1117

EPSS 0.3%
Veröffentlicht 29.08.2022 15:15:10
Zuletzt bearbeitet 21.11.2024 06:40:04
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fapolicyd Project ≫ Fapolicyd Version < 1.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.217

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://access.redhat.com/security/cve/CVE-2022-1117

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2066904

Third Party Advisory

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=2068171

Third Party Advisory

Issue Tracking

https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1117

EUVD