CVE-2022-31252

EPSS 0.03%
Veröffentlicht 06.10.2022 18:16:01
Zuletzt bearbeitet 21.11.2024 07:04:13
Quelle meissner@suse.de
Teams Watchlist Login
Unerledigt Login

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Leap Version15.3

Opensuse ≫ Leap Version15.4

Opensuse ≫ Leap Micro Version5.2

Suse ≫ Linux Enterprise Server Version12 Updatesp5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.061

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
meissner@suse.de	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://bugzilla.suse.com/show_bug.cgi?id=1203018

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-31252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31252

EUVD