CVE-2021-31998

Published: Jun 10, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.

Affected (2)

Products: Opensuse: Inn

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Inn	Up to 2.4.2-170.21.3.1

Running on/with	Platform Versions
Suse Linux Enterprise Server	Version 11 sp3

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Opensuse Inn	Before 2.6.2

Running on/with	Platform Versions
Opensuse Backports Sle	Version 15.0 sp2
Opensuse Leap	Version 15.2

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1182321

Source: meissner@suse.de

ExploitIssue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1182321

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.