7.8

CVE-2022-30688

EPSS 0.04%
Veröffentlicht 17.05.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 07:03:10
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Needrestart Project ≫ Needrestart Version >= 0.8 < 3.6

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://www.openwall.com/lists/oss-security/2022/05/17/9

Third Party Advisory

Mailing List

https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30

Patch

Third Party Advisory

https://github.com/liske/needrestart/releases/tag/v3.6

Third Party Advisory

Release Notes

https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-security-announce/2022/msg00105.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5137

Third Party Advisory

https://www.openwall.com/lists/oss-security/2022/05/17/9

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-30688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30688

EUVD