CVE-2024-22029

EPSS 0.02%
Veröffentlicht 16.10.2024 14:15:04
Zuletzt bearbeitet 26.08.2025 21:15:35
Quelle meissner@suse.de
Teams Watchlist Login
Unerledigt Login

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSUSE

≫

Produkt Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Enterprise Storage 7.1

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise High Performance Computing 15 SP5

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Module for Web and Scripting 15 SP5

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server 15 SP5

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server for SAP Applications 15 SP5

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise High Performance Computing 15 SP6

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Module for Web and Scripting 15 SP6

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server 15 SP6

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server for SAP Applications 15 SP6

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server 15 SP2-LTSS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server 15 SP3-LTSS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server 15 SP4-LTSS

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server for SAP Applications 15 SP2

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server for SAP Applications 15 SP3

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Linux Enterprise Server for SAP Applications 15 SP4

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt SUSE Manager Server 4.3

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt openSUSE Leap 15.5

Default Statusunaffected

Version < 9.0.85-150200.57.1

Version ?

Status affected

HerstellerSUSE

≫

Produkt openSUSE Tumbleweed

Default Statusunaffected

Version < 9.0.85-3.1

Version ?

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
meissner@suse.de	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029

https://nvd.nist.gov/vuln/detail/CVE-2024-22029

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22029

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22029

EUVD